CVE-2017-14491

Dnsmasq < 2.78 - 2-byte Heap Overflow

Severity Score

9.8

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Un desbordamiento de búfer basado en memoria dinámica (heap) en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegación de servicio (cierre inesperado) o ejecutar código arbitrario utilizando una respuesta DNS manipulada.

A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code.

Dnsmasq versions prior to 2.78 suffer from a 2-byte heap-based overflow vulnerability.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Partial

Integrity

Partial

Availability

Partial

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

Complete

Integrity

Complete

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2017-09-15 CVE Reserved
2017-10-02 CVE Published
2017-10-30 First Exploit
2024-08-05 CVE Updated
2024-08-13 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date

CWE

CWE-122: Heap-based Buffer Overflow
CWE-787: Out-of-bounds Write

CAPEC

References (42)

URL	Tag	Source
http://nvidia.custhelp.com/app/answers/detail/a_id/4560	Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561	Third Party Advisory
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc	X_refsource_confirm
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt	Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en	Third Party Advisory
http://www.securityfocus.com/bid/101085	Broken Link
http://www.securityfocus.com/bid/101977	Broken Link
http://www.securitytracker.com/id/1039474	Broken Link
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html	Third Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30	Mitigation
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449	Third Party Advisory
https://www.kb.cert.org/vuls/id/973527	Third Party Advisory
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html	Mailing List
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html	Mailing List
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq	Third Party Advisory

URL	Date	SRC
https://www.exploit-db.com/exploits/42941	2024-08-05
https://github.com/skyformat99/dnsmasq-2.4.1-fix-CVE-2017-14491	2017-10-30
http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html	2024-08-05

URL	Date	SRC
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf	2023-11-07

URL	Date	SRC
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html	2023-11-07
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html	2023-11-07
http://thekelleys.org.uk/dnsmasq/CHANGELOG	2023-11-07
http://www.debian.org/security/2017/dsa-3989	2023-11-07
http://www.ubuntu.com/usn/USN-3430-1	2023-11-07
http://www.ubuntu.com/usn/USN-3430-2	2023-11-07
http://www.ubuntu.com/usn/USN-3430-3	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2836	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2837	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2838	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2839	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2840	2023-11-07
https://access.redhat.com/errata/RHSA-2017:2841	2023-11-07
https://access.redhat.com/security/vulnerabilities/3199382	2017-10-02
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD	2023-11-07
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV	2023-11-07
https://security.gentoo.org/glsa/201710-27	2023-11-07
https://www.debian.org/security/2017/dsa-3989	2023-11-07
https://access.redhat.com/security/cve/CVE-2017-14491	2017-10-02
https://bugzilla.redhat.com/show_bug.cgi?id=1495409	2017-10-02

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Nvidia Search vendor "Nvidia"	Linux For Tegra Search vendor "Nvidia" for product "Linux For Tegra"	< r21.6 Search vendor "Nvidia" for product "Linux For Tegra" and version " < r21.6"	-	Affected	in	Nvidia Search vendor "Nvidia"	Jetson Tk1 Search vendor "Nvidia" for product "Jetson Tk1"	-	-	Safe
Nvidia Search vendor "Nvidia"	Linux For Tegra Search vendor "Nvidia" for product "Linux For Tegra"	< r24.2.2 Search vendor "Nvidia" for product "Linux For Tegra" and version " < r24.2.2"	-	Affected	in	Nvidia Search vendor "Nvidia"	Jetson Tx1 Search vendor "Nvidia" for product "Jetson Tx1"	-	-	Safe
Nvidia Search vendor "Nvidia"	Geforce Experience Search vendor "Nvidia" for product "Geforce Experience"	>= 3.0 < 3.10.0.55 Search vendor "Nvidia" for product "Geforce Experience" and version " >= 3.0 < 3.10.0.55"	-	Affected	in	Microsoft Search vendor "Microsoft"	Windows Search vendor "Microsoft" for product "Windows"	-	-	Safe
Huawei Search vendor "Huawei"	Honor V9 Play Firmware Search vendor "Huawei" for product "Honor V9 Play Firmware"	< jimmy-al00ac00b135 Search vendor "Huawei" for product "Honor V9 Play Firmware" and version " < jimmy-al00ac00b135"	-	Affected	in	Huawei Search vendor "Huawei"	Honor V9 Play Search vendor "Huawei" for product "Honor V9 Play"	-	-	Safe
Siemens Search vendor "Siemens"	Ruggedcom Rm1224 Firmware Search vendor "Siemens" for product "Ruggedcom Rm1224 Firmware"	< 5.0 Search vendor "Siemens" for product "Ruggedcom Rm1224 Firmware" and version " < 5.0"	-	Affected	in	Siemens Search vendor "Siemens"	Ruggedcom Rm1224 Search vendor "Siemens" for product "Ruggedcom Rm1224"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance M-800 Firmware Search vendor "Siemens" for product "Scalance M-800 Firmware"	< 5.0 Search vendor "Siemens" for product "Scalance M-800 Firmware" and version " < 5.0"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance M-800 Search vendor "Siemens" for product "Scalance M-800"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance S615 Firmware Search vendor "Siemens" for product "Scalance S615 Firmware"	< 5.0 Search vendor "Siemens" for product "Scalance S615 Firmware" and version " < 5.0"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance S615 Search vendor "Siemens" for product "Scalance S615"	-	-	Safe
Siemens Search vendor "Siemens"	Scalance W1750d Firmware Search vendor "Siemens" for product "Scalance W1750d Firmware"	< 6.5.1.5 Search vendor "Siemens" for product "Scalance W1750d Firmware" and version " < 6.5.1.5"	-	Affected	in	Siemens Search vendor "Siemens"	Scalance W1750d Search vendor "Siemens" for product "Scalance W1750d"	-	-	Safe
Thekelleys Search vendor "Thekelleys"		Dnsmasq Search vendor "Thekelleys" for product "Dnsmasq"				<= 2.77 Search vendor "Thekelleys" for product "Dnsmasq" and version " <= 2.77"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				6.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Desktop Search vendor "Redhat" for product "Enterprise Linux Desktop"				7.0 Search vendor "Redhat" for product "Enterprise Linux Desktop" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				6.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Server Search vendor "Redhat" for product "Enterprise Linux Server"				7.0 Search vendor "Redhat" for product "Enterprise Linux Server" and version "7.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				6.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "6.0"		-		Affected
Redhat Search vendor "Redhat"		Enterprise Linux Workstation Search vendor "Redhat" for product "Enterprise Linux Workstation"				7.0 Search vendor "Redhat" for product "Enterprise Linux Workstation" and version "7.0"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		-		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				12.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "12.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				14.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "14.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				16.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "16.04"		lts		Affected
Canonical Search vendor "Canonical"		Ubuntu Linux Search vendor "Canonical" for product "Ubuntu Linux"				17.04 Search vendor "Canonical" for product "Ubuntu Linux" and version "17.04"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.0 Search vendor "Debian" for product "Debian Linux" and version "7.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				7.1 Search vendor "Debian" for product "Debian Linux" and version "7.1"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				8.0 Search vendor "Debian" for product "Debian Linux" and version "8.0"		-		Affected
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				9.0 Search vendor "Debian" for product "Debian Linux" and version "9.0"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.2 Search vendor "Opensuse" for product "Leap" and version "42.2"		-		Affected
Opensuse Search vendor "Opensuse"		Leap Search vendor "Opensuse" for product "Leap"				42.3 Search vendor "Opensuse" for product "Leap" and version "42.3"		-		Affected
Suse Search vendor "Suse"		Linux Enterprise Debuginfo Search vendor "Suse" for product "Linux Enterprise Debuginfo"				11 Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Debuginfo Search vendor "Suse" for product "Linux Enterprise Debuginfo"				11 Search vendor "Suse" for product "Linux Enterprise Debuginfo" and version "11"		sp4		Affected
Suse Search vendor "Suse"		Linux Enterprise Point Of Sale Search vendor "Suse" for product "Linux Enterprise Point Of Sale"				11 Search vendor "Suse" for product "Linux Enterprise Point Of Sale" and version "11"		sp3		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp3, ltss		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				11 Search vendor "Suse" for product "Linux Enterprise Server" and version "11"		sp4		Affected
Suse Search vendor "Suse"		Linux Enterprise Server Search vendor "Suse" for product "Linux Enterprise Server"				12 Search vendor "Suse" for product "Linux Enterprise Server" and version "12"		ltss		Affected
Arista Search vendor "Arista"		Eos Search vendor "Arista" for product "Eos"				<= 4.15 Search vendor "Arista" for product "Eos" and version " <= 4.15"		-		Affected
Arista Search vendor "Arista"		Eos Search vendor "Arista" for product "Eos"				>= 4.16 < 4.16.13m Search vendor "Arista" for product "Eos" and version " >= 4.16 < 4.16.13m"		-		Affected
Arista Search vendor "Arista"		Eos Search vendor "Arista" for product "Eos"				>= 4.17 < 4.17.8m Search vendor "Arista" for product "Eos" and version " >= 4.17 < 4.17.8m"		-		Affected
Arista Search vendor "Arista"		Eos Search vendor "Arista" for product "Eos"				>= 4.18 <= 4.18.4.2f Search vendor "Arista" for product "Eos" and version " >= 4.18 <= 4.18.4.2f"		-		Affected
Arubanetworks Search vendor "Arubanetworks"		Arubaos Search vendor "Arubanetworks" for product "Arubaos"				>= 6.3.1 < 6.3.1.25 Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.3.1 < 6.3.1.25"		-		Affected
Arubanetworks Search vendor "Arubanetworks"		Arubaos Search vendor "Arubanetworks" for product "Arubaos"				>= 6.4.4.0 < 6.4.4.16 Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.4.4.0 < 6.4.4.16"		-		Affected
Arubanetworks Search vendor "Arubanetworks"		Arubaos Search vendor "Arubanetworks" for product "Arubaos"				>= 6.5.0.0 < 6.5.1.9 Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.5.0.0 < 6.5.1.9"		-		Affected
Arubanetworks Search vendor "Arubanetworks"		Arubaos Search vendor "Arubanetworks" for product "Arubaos"				>= 6.5.3.0 < 6.5.3.3 Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.5.3.0 < 6.5.3.3"		-		Affected
Arubanetworks Search vendor "Arubanetworks"		Arubaos Search vendor "Arubanetworks" for product "Arubaos"				>= 6.5.4.0 < 6.5.4.2 Search vendor "Arubanetworks" for product "Arubaos" and version " >= 6.5.4.0 < 6.5.4.2"		-		Affected
Arubanetworks Search vendor "Arubanetworks"		Arubaos Search vendor "Arubanetworks" for product "Arubaos"				>= 8.1.0.0 < 8.1.0.4 Search vendor "Arubanetworks" for product "Arubaos" and version " >= 8.1.0.0 < 8.1.0.4"		-		Affected
Synology Search vendor "Synology"		Diskstation Manager Search vendor "Synology" for product "Diskstation Manager"				5.2 Search vendor "Synology" for product "Diskstation Manager" and version "5.2"		-		Affected
Synology Search vendor "Synology"		Diskstation Manager Search vendor "Synology" for product "Diskstation Manager"				6.0 Search vendor "Synology" for product "Diskstation Manager" and version "6.0"		-		Affected
Synology Search vendor "Synology"		Diskstation Manager Search vendor "Synology" for product "Diskstation Manager"				6.1 Search vendor "Synology" for product "Diskstation Manager" and version "6.1"		-		Affected
Synology Search vendor "Synology"		Router Manager Search vendor "Synology" for product "Router Manager"				1.1 Search vendor "Synology" for product "Router Manager" and version "1.1"		-		Affected