// For flags

CVE-2017-14491

Dnsmasq < 2.78 - 2-byte Heap Overflow

Severity Score

9.8
*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

4
*Multiple Sources

Exploited in Wild

-
*KEV

Decision

-
*SSVC
Descriptions

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada.

A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.

The dnsmasq packages contain Dnsmasq, a lightweight DNS forwarder and DHCP server. Security Fix: A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.

*Credits: N/A
CVSS Scores
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Partial
Integrity
Partial
Availability
Partial
Attack Vector
Network
Attack Complexity
Low
Authentication
None
Confidentiality
Complete
Integrity
Complete
Availability
Complete
* Common Vulnerability Scoring System
SSVC
  • Decision:-
Exploitation
-
Automatable
-
Tech. Impact
-
* Organization's Worst-case Scenario
Timeline
  • 2017-09-15 CVE Reserved
  • 2017-10-02 CVE Published
  • 2017-10-02 First Exploit
  • 2024-08-05 CVE Updated
  • 2025-03-31 EPSS Updated
  • ---------- Exploited in Wild
  • ---------- KEV Due Date
CWE
  • CWE-122: Heap-based Buffer Overflow
  • CWE-787: Out-of-bounds Write
CAPEC
References (43)
URL Tag Source
http://nvidia.custhelp.com/app/answers/detail/a_id/4560 Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561 Third Party Advisory
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc X_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en Third Party Advisory
http://www.securityfocus.com/bid/101085 Broken Link
http://www.securityfocus.com/bid/101977 Broken Link
http://www.securitytracker.com/id/1039474 Broken Link
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30 Mitigation
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449 Third Party Advisory
https://www.kb.cert.org/vuls/id/973527 Third Party Advisory
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html Mailing List
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html Mailing List
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq Third Party Advisory
URL Date SRC
https://packetstorm.news/files/id/144480 2017-10-02
https://www.exploit-db.com/exploits/42941 2024-08-05
https://github.com/skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491 2017-10-30
http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html 2024-08-05
URL Date SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf 2023-11-07
URL Date SRC
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html 2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html 2023-11-07
http://thekelleys.org.uk/dnsmasq/CHANGELOG 2023-11-07
http://www.debian.org/security/2017/dsa-3989 2023-11-07
http://www.ubuntu.com/usn/USN-3430-1 2023-11-07
http://www.ubuntu.com/usn/USN-3430-2 2023-11-07
http://www.ubuntu.com/usn/USN-3430-3 2023-11-07
https://access.redhat.com/errata/RHSA-2017:2836 2023-11-07
https://access.redhat.com/errata/RHSA-2017:2837 2023-11-07
https://access.redhat.com/errata/RHSA-2017:2838 2023-11-07
https://access.redhat.com/errata/RHSA-2017:2839 2023-11-07
https://access.redhat.com/errata/RHSA-2017:2840 2023-11-07
https://access.redhat.com/errata/RHSA-2017:2841 2023-11-07
https://access.redhat.com/security/vulnerabilities/3199382 2017-10-02
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD 2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV 2023-11-07
https://security.gentoo.org/glsa/201710-27 2023-11-07
https://www.debian.org/security/2017/dsa-3989 2023-11-07
https://access.redhat.com/security/cve/CVE-2017-14491 2017-10-02
https://bugzilla.redhat.com/show_bug.cgi?id=1495409 2017-10-02
Affected Vendors, Products, and Versions
Vendor Product Version Other Status
Vendor Product Version Other Status <-- --> Vendor Product Version Other Status
Nvidia
Search vendor "Nvidia"
 Linux For Tegra
Search vendor "Nvidia" for product "Linux For Tegra"
 < r21.6
Search vendor "Nvidia" for product "Linux For Tegra" and version " < r21.6"
-
Affected
in Nvidia
Search vendor "Nvidia"
 Jetson Tk1
Search vendor "Nvidia" for product "Jetson Tk1"
--
Safe
Nvidia
Search vendor "Nvidia"
 Linux For Tegra
Search vendor "Nvidia" for product "Linux For Tegra"
 < r24.2.2
Search vendor "Nvidia" for product "Linux For Tegra" and version " < r24.2.2"
-
Affected
in Nvidia
Search vendor "Nvidia"
 Jetson Tx1
Search vendor "Nvidia" for product "Jetson Tx1"
--
Safe
Nvidia
Search vendor "Nvidia"
 Geforce Experience
Search vendor "Nvidia" for product "Geforce Experience"
 >= 3.0 < 3.10.0.55
Search vendor "Nvidia" for product "Geforce Experience" and version " >= 3.0 < 3.10.0.55"
-
Affected
in Microsoft
Search vendor "Microsoft"
 Windows
Search vendor "Microsoft" for product "Windows"
--
Safe
Huawei
Search vendor "Huawei"
 Honor V9 Play Firmware
Search vendor "Huawei" for product "Honor V9 Play Firmware"
 < jimmy-al00ac00b135
Search vendor "Huawei" for product "Honor V9 Play Firmware" and version " < jimmy-al00ac00b135"
-
Affected
in Huawei
Search vendor "Huawei"
 Honor V9 Play
Search vendor "Huawei" for product "Honor V9 Play"
--
Safe
Siemens
Search vendor "Siemens"
 Ruggedcom Rm1224 Firmware
Search vendor "Siemens" for product "Ruggedcom Rm1224 Firmware"
 < 5.0
Search vendor "Siemens" for product "Ruggedcom Rm1224 Firmware" and version " < 5.0"
-
Affected
in Siemens
Search vendor "Siemens"
 Ruggedcom Rm1224
Search vendor "Siemens" for product "Ruggedcom Rm1224"
--
Safe
Siemens
Search vendor "Siemens"
 Scalance M-800 Firmware
Search vendor "Siemens" for product "Scalance M-800 Firmware"
 < 5.0
Search vendor "Siemens" for product "Scalance M-800 Firmware" and version " < 5.0"
-
Affected
in Siemens
Search vendor "Siemens"
 Scalance M-800
Search vendor "Siemens" for product "Scalance M-800"
--
Safe
Siemens
Search vendor "Siemens"
 Scalance S615 Firmware
Search vendor "Siemens" for product "Scalance S615 Firmware"
 < 5.0
Search vendor "Siemens" for product "Scalance S615 Firmware" and version " < 5.0"
-
Affected
in Siemens
Search vendor "Siemens"
 Scalance S615
Search vendor "Siemens" for product "Scalance S615"
--
Safe
Siemens
Search vendor "Siemens"
 Scalance W1750d Firmware
Search vendor "Siemens" for product "Scalance W1750d Firmware"
 < 6.5.1.5
Search vendor "Siemens" for product "Scalance W1750d Firmware" and version " < 6.5.1.5"
-
Affected
in Siemens
Search vendor "Siemens"
 Scalance W1750d
Search vendor "Siemens" for product "Scalance W1750d"
--
Safe
Thekelleys
Search vendor "Thekelleys"
 Dnsmasq
Search vendor "Thekelleys" for product "Dnsmasq"
 <= 2.77
Search vendor "Thekelleys" for product "Dnsmasq" and version " <= 2.77"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Desktop
Search vendor "Redhat" for product "Enterprise Linux Desktop"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Server
Search vendor "Redhat" for product "Enterprise Linux Server"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 6.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"
-
Affected
Redhat
Search vendor "Redhat"
 Enterprise Linux Workstation
Search vendor "Redhat" for product "Enterprise Linux Workstation"
 7.0
Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
-
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 12.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 14.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 16.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"
lts
Affected
Canonical
Search vendor "Canonical"
 Ubuntu Linux
Search vendor "Canonical" for product "Ubuntu Linux"
 17.04
Search vendor "Canonical" for product "Ubuntu Linux" and version "17.04"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.0
Search vendor "Debian" for product "Debian Linux" and version "7.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 7.1
Search vendor "Debian" for product "Debian Linux" and version "7.1"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 8.0
Search vendor "Debian" for product "Debian Linux" and version "8.0"
-
Affected
Debian
Search vendor "Debian"
 Debian Linux
Search vendor "Debian" for product "Debian Linux"
 9.0
Search vendor "Debian" for product "Debian Linux" and version "9.0"
-
Affected
Opensuse
Search vendor "Opensuse"
 Leap
Search vendor "Opensuse" for product "Leap"
 42.2
Search vendor "Opensuse" for product "Leap" and version "42.2"
-
Affected
Opensuse
Search vendor "Opensuse"
 Leap
Search vendor "Opensuse" for product "Leap"
 42.3
Search vendor "Opensuse" for product "Leap" and version "42.3"
-
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Debuginfo
Search vendor "Suse" for product "Linux Enterprise Debuginfo"
 11
Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11"
sp3
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Debuginfo
Search vendor "Suse" for product "Linux Enterprise Debuginfo"
 11
Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11"
sp4
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Point Of Sale
Search vendor "Suse" for product "Linux Enterprise Point Of Sale"
 11
Search vendor "Suse" for product "Linux Enterprise Point Of Sale" and version "11"
sp3
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 11
Search vendor "Suse" for product "Linux Enterprise Server" and version "11"
sp3, ltss
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 11
Search vendor "Suse" for product "Linux Enterprise Server" and version "11"
sp4
Affected
Suse
Search vendor "Suse"
 Linux Enterprise Server
Search vendor "Suse" for product "Linux Enterprise Server"
 12
Search vendor "Suse" for product "Linux Enterprise Server" and version "12"
ltss
Affected
Arista
Search vendor "Arista"
 Eos
Search vendor "Arista" for product "Eos"
 <= 4.15
Search vendor "Arista" for product "Eos" and version " <= 4.15"
-
Affected
Arista
Search vendor "Arista"
 Eos
Search vendor "Arista" for product "Eos"
 >= 4.16 < 4.16.13m
Search vendor "Arista" for product "Eos" and version " >= 4.16 < 4.16.13m"
-
Affected
Arista
Search vendor "Arista"
 Eos
Search vendor "Arista" for product "Eos"
 >= 4.17 < 4.17.8m
Search vendor "Arista" for product "Eos" and version " >= 4.17 < 4.17.8m"
-
Affected
Arista
Search vendor "Arista"
 Eos
Search vendor "Arista" for product "Eos"
 >= 4.18 <= 4.18.4.2f
Search vendor "Arista" for product "Eos" and version " >= 4.18 <= 4.18.4.2f"
-
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Arubaos
Search vendor "Arubanetworks" for product "Arubaos"
 >= 6.3.1 < 6.3.1.25
Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.3.1 < 6.3.1.25"
-
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Arubaos
Search vendor "Arubanetworks" for product "Arubaos"
 >= 6.4.4.0 < 6.4.4.16
Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.4.4.0 < 6.4.4.16"
-
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Arubaos
Search vendor "Arubanetworks" for product "Arubaos"
 >= 6.5.0.0 < 6.5.1.9
Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.5.0.0 < 6.5.1.9"
-
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Arubaos
Search vendor "Arubanetworks" for product "Arubaos"
 >= 6.5.3.0 < 6.5.3.3
Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.5.3.0 < 6.5.3.3"
-
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Arubaos
Search vendor "Arubanetworks" for product "Arubaos"
 >= 6.5.4.0 < 6.5.4.2
Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.5.4.0 < 6.5.4.2"
-
Affected
Arubanetworks
Search vendor "Arubanetworks"
 Arubaos
Search vendor "Arubanetworks" for product "Arubaos"
 >= 8.1.0.0 < 8.1.0.4
Search vendor "Arubanetworks" for product "Arubaos" and version " >= 8.1.0.0 < 8.1.0.4"
-
Affected
Synology
Search vendor "Synology"
 Diskstation Manager
Search vendor "Synology" for product "Diskstation Manager"
 5.2
Search vendor "Synology" for product "Diskstation Manager" and version "5.2"
-
Affected
Synology
Search vendor "Synology"
 Diskstation Manager
Search vendor "Synology" for product "Diskstation Manager"
 6.0
Search vendor "Synology" for product "Diskstation Manager" and version "6.0"
-
Affected
Synology
Search vendor "Synology"
 Diskstation Manager
Search vendor "Synology" for product "Diskstation Manager"
 6.1
Search vendor "Synology" for product "Diskstation Manager" and version "6.1"
-
Affected
Synology
Search vendor "Synology"
 Router Manager
Search vendor "Synology" for product "Router Manager"
 1.1
Search vendor "Synology" for product "Router Manager" and version "1.1"
-
Affected