CVE-2017-14491
Summary
| CVE | CVE-2017-14491 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2017-10-04 01:29:00 UTC |
| Updated | 2023-11-07 02:39:00 UTC |
| Description | Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. |
Risk And Classification
Problem Types: CWE-787
NVD Known Affected Configurations (CPE 2.3)
| Type | Vendor | Product | Version | Update | Edition | Language |
|---|---|---|---|---|---|---|
| Operating System | Arista | Eos | All | All | All | All |
| Operating System | Arubanetworks | Arubaos | All | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 12.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 14.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 16.04 | All | All | All |
| Operating System | Canonical | Ubuntu Linux | 17.04 | All | All | All |
| Operating System | Debian | Debian Linux | 7.0 | All | All | All |
| Operating System | Debian | Debian Linux | 7.1 | All | All | All |
| Operating System | Debian | Debian Linux | 8.0 | All | All | All |
| Operating System | Debian | Debian Linux | 9.0 | All | All | All |
| Hardware | Huawei | Honor V9 Play | - | All | All | All |
| Operating System | Huawei | Honor V9 Play Firmware | All | All | All | All |
| Operating System | Microsoft | Windows | - | All | All | All |
| Operating System | Novell | Leap | 42.2 | All | All | All |
| Operating System | Novell | Leap | 42.3 | All | All | All |
| Application | Nvidia | Geforce Experience | All | All | All | All |
| Hardware | Nvidia | Jetson Tk1 | - | All | All | All |
| Hardware | Nvidia | Jetson Tx1 | - | All | All | All |
| Operating System | Nvidia | Linux For Tegra | All | All | All | All |
| Operating System | Opensuse | Leap | 42.2 | All | All | All |
| Operating System | Opensuse | Leap | 42.3 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Desktop | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Server | 7.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 6.0 | All | All | All |
| Operating System | Redhat | Enterprise Linux Workstation | 7.0 | All | All | All |
| Hardware | Siemens | Ruggedcom Rm1224 | - | All | All | All |
| Operating System | Siemens | Ruggedcom Rm1224 Firmware | All | All | All | All |
| Hardware | Siemens | Scalance M-800 | - | All | All | All |
| Operating System | Siemens | Scalance M-800 Firmware | All | All | All | All |
| Hardware | Siemens | Scalance S615 | - | All | All | All |
| Operating System | Siemens | Scalance S615 Firmware | All | All | All | All |
| Hardware | Siemens | Scalance W1750d | - | All | All | All |
| Operating System | Siemens | Scalance W1750d Firmware | All | All | All | All |
| Application | Suse | Linux Enterprise Debuginfo | 11 | sp3 | All | All |
| Application | Suse | Linux Enterprise Debuginfo | 11 | sp4 | All | All |
| Application | Suse | Linux Enterprise Point Of Sale | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp3 | All | All |
| Operating System | Suse | Linux Enterprise Server | 11 | sp4 | All | All |
| Operating System | Suse | Linux Enterprise Server | 12 | All | All | All |
| Application | Synology | Diskstation Manager | 5.2 | All | All | All |
| Application | Synology | Diskstation Manager | 6.0 | All | All | All |
| Application | Synology | Diskstation Manager | 6.1 | All | All | All |
| Application | Synology | Router Manager | 1.1 | All | All | All |
| Application | Thekelleys | Dnsmasq | All | All | All | All |
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| thekelleys.org.uk Git - dnsmasq.git/commit | | thekelleys.org.uk | |
| Red Hat Customer Portal | REDHAT | access.redhat.com | Third Party Advisory |
| BSA-2017-449 | CONFIRM | www.broadcom.com | |
| thekelleys.org.uk/dnsmasq/CHANGELOG | CONFIRM | thekelleys.org.uk | Release Notes, Vendor Advisory |
| Debian -- Security Information -- DSA-3989-1 dnsmasq | DEBIAN | www.debian.org | Third Party Advisory |
| [security-announce] SUSE-SU-2017:2619-1: important: Security update for dnsmasq - openSUSE Security Announce - openSUSE Mailing Lists | SUSE | lists.opensuse.org | |
| Vulnerability Note VU#973527 - Dnsmasq contains multiple vulnerabilities | CERT-VN | www.kb.cert.org | Third Party Advisory, US Government Resource |
| [SECURITY] Fedora 27 Update: dnsmasq-2.77-9.fc27 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| RETIRED: Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities | BID | www.securityfocus.com | |
| Security Bulletin: NVIDIA Tegra Jetson L4T contains multiple vulnerabilities; updates for “BlueBorne” and “Dnsmasq”. \| NVIDIA | CONFIRM | nvidia.custhelp.com | |
| Security Advisory 0030 - Arista | MISC | www.arista.com | |
| thekelleys.org.uk Git - dnsmasq.git/commit | CONFIRM | thekelleys.org.uk | Patch, Vendor Advisory |
| Dnsmasq Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Obtain Potentially Sensitive Information - SecurityTracker | SECTRACK | www.securitytracker.com | Third Party Advisory, VDB Entry |
| [security-announce] SUSE-SU-2017:2617-1: important: Security update for dnsmasq - openSUSE Security Announce - openSUSE Mailing Lists | SUSE | lists.opensuse.org | |
| USN-3430-2: Dnsmasq vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| Dnsmasq 2-Byte Heap-Based Overflow ≈ Packet Storm | MISC | packetstormsecurity.com | |
| Debian -- Security Information -- DSA-3989-1 dnsmasq | DEBIAN | www.debian.org | |
| Dnsmasq: Multiple vulnerabilities (GLSA 201710-27) — Gentoo security | GENTOO | security.gentoo.org | |
| Synology-SA-17:59 Dnsmasq \| Synology Inc. | CONFIRM | www.synology.com | |
| [SECURITY] Fedora 25 Update: dnsmasq-2.76-4.fc25 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [security-announce] SUSE-SU-2017:2616-1: important: Security update for dnsmasq - openSUSE Security Announce - openSUSE Mailing Lists | SUSE | lists.opensuse.org | |
| www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt | CONFIRM | www.arubanetworks.com | |
| Security Bulletin: NVIDIA Installer Framework contains a vulnerability in NVISystemService64 affecting GFE \| NVIDIA | CONFIRM | nvidia.custhelp.com | |
| Dnsmasq < 2.78 - 2-byte Heap Overflow | EXPLOIT-DB | www.exploit-db.com | Third Party Advisory, VDB Entry |
| USN-3430-3: Dnsmasq regression \| Ubuntu | UBUNTU | www.ubuntu.com | |
| cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf | CONFIRM | cert-portal.siemens.com | |
| [SECURITY] Fedora 25 Update: dnsmasq-2.76-4.fc25 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| dnsmasq: Multiple Critical and Important vulnerabilities - Red Hat Customer Portal | CONFIRM | access.redhat.com | Issue Tracking, Third Party Advisory |
| USN-3430-1: Dnsmasq vulnerabilities \| Ubuntu | UBUNTU | www.ubuntu.com | Third Party Advisory |
| [SECURITY] Fedora 26 Update: dnsmasq-2.76-5.fc26 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org | |
| Dnsmasq VU#973527 Multiple Security Vulnerabilities | BID | www.securityfocus.com | Third Party Advisory, VDB Entry |
| [Dnsmasq-discuss] IMPORTANT SECURITY INFORMATION. | | www.mail-archive.com | |
| Google Online Security Blog: Behind the Masq: Yet more DNS, and DHCP, vulnerabilities | MISC | security.googleblog.com | Third Party Advisory |
| [Dnsmasq-discuss] Announce: dnsmasq-2.78. | | www.mail-archive.com | |
| Security Advisory - Seven vulnerabilities in Google Dnsmasq | CONFIRM | www.huawei.com | |
| [security-announce] openSUSE-SU-2017:2633-1: important: Security update | SUSE | lists.opensuse.org | Third Party Advisory |
| [SECURITY] Fedora 26 Update: dnsmasq-2.76-5.fc26 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [Dnsmasq-discuss] IMPORTANT SECURITY INFORMATION. | MLIST | www.mail-archive.com | Mailing List, Third Party Advisory |
| [SECURITY] Fedora 27 Update: dnsmasq-2.77-9.fc27 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org | |
| [Dnsmasq-discuss] Announce: dnsmasq-2.78. | MLIST | www.mail-archive.com | Mailing List, Third Party Advisory |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 352293 Amazon Linux Security Update for dnsmasq: AL2012-2021-334
- 378236 Virtuozzo Linux Security Update for dnsmasq-utils (VZLSA-2017:2838)
- 500147 Alpine Linux Security Update for dnsmasq
- 503797 Alpine Linux Security Update for dnsmasq
- 610322 Google Android Devices March 2021 Security Patch Missing
- 610323 Google Android March 2021 Security Patch Missing for LGE
- 610324 Google Android March 2021 Security Patch Missing for Huawei EMUI
- 610325 Google Android March 2021 Security Patch Missing for Samsung
- 710376 Gentoo Linux Dnsmasq Multiple Vulnerabilities (GLSA 201710-27)