{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2017-10-02T00:00:00", "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-03-03T10:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "1039474", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://www.securitytracker.com/id/1039474"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"}, {"name": "DSA-3989", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2017/dsa-3989"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=3d4ff1ba8419546490b464418223132529514033"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://access.redhat.com/security/vulnerabilities/3199382"}, {"name": "101085", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/101085"}, {"name": "42943", "tags": ["exploit", "x_refsource_EXPLOIT-DB"], "url": "https://www.exploit-db.com/exploits/42943/"}, {"name": "USN-3430-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3430-1"}, {"name": "VU#973527", "tags": ["third-party-advisory", "x_refsource_CERT-VN"], "url": "https://www.kb.cert.org/vuls/id/973527"}, {"name": "GLSA-201710-27", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "https://security.gentoo.org/glsa/201710-27"}, {"name": "USN-3430-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU"], "url": "http://www.ubuntu.com/usn/USN-3430-2"}, {"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"}, {"name": "RHSA-2017:2836", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2836"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"}, {"name": "RHSA-2017:2837", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "https://access.redhat.com/errata/RHSA-2017:2837"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"}, {"name": "openSUSE-SU-2017:2633", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"}, {"tags": ["x_refsource_MISC"], "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"}, {"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", "tags": ["mailing-list", "x_refsource_MLIST"], "url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2017-14493", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "1039474", "refsource": "SECTRACK", "url": "http://www.securitytracker.com/id/1039474"}, {"name": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq", "refsource": "CONFIRM", "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"}, {"name": "DSA-3989", "refsource": "DEBIAN", "url": "http://www.debian.org/security/2017/dsa-3989"}, {"name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033", "refsource": "CONFIRM", "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=3d4ff1ba8419546490b464418223132529514033"}, {"name": "https://access.redhat.com/security/vulnerabilities/3199382", "refsource": "CONFIRM", "url": "https://access.redhat.com/security/vulnerabilities/3199382"}, {"name": "101085", "refsource": "BID", "url": "http://www.securityfocus.com/bid/101085"}, {"name": "42943", "refsource": "EXPLOIT-DB", "url": "https://www.exploit-db.com/exploits/42943/"}, {"name": "USN-3430-1", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3430-1"}, {"name": "VU#973527", "refsource": "CERT-VN", "url": "https://www.kb.cert.org/vuls/id/973527"}, {"name": "GLSA-201710-27", "refsource": "GENTOO", "url": "https://security.gentoo.org/glsa/201710-27"}, {"name": "USN-3430-2", "refsource": "UBUNTU", "url": "http://www.ubuntu.com/usn/USN-3430-2"}, {"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", "refsource": "MLIST", "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html"}, {"name": "RHSA-2017:2836", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2836"}, {"name": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561", "refsource": "CONFIRM", "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"}, {"name": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt", "refsource": "CONFIRM", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"}, {"name": "RHSA-2017:2837", "refsource": "REDHAT", "url": "https://access.redhat.com/errata/RHSA-2017:2837"}, {"name": "http://thekelleys.org.uk/dnsmasq/CHANGELOG", "refsource": "CONFIRM", "url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"}, {"name": "openSUSE-SU-2017:2633", "refsource": "SUSE", "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"}, {"name": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html", "refsource": "MISC", "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"}, {"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", "refsource": "MLIST", "url": "https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-05T19:27:40.669Z"}, "title": "CVE Program Container", "references": [{"name": "1039474", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://www.securitytracker.com/id/1039474"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"}, {"name": "DSA-3989", "tags": ["vendor-advisory", "x_refsource_DEBIAN", "x_transferred"], "url": "http://www.debian.org/security/2017/dsa-3989"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=3d4ff1ba8419546490b464418223132529514033"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://access.redhat.com/security/vulnerabilities/3199382"}, {"name": "101085", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/101085"}, {"name": "42943", "tags": ["exploit", "x_refsource_EXPLOIT-DB", "x_transferred"], "url": "https://www.exploit-db.com/exploits/42943/"}, {"name": "USN-3430-1", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3430-1"}, {"name": "VU#973527", "tags": ["third-party-advisory", "x_refsource_CERT-VN", "x_transferred"], "url": "https://www.kb.cert.org/vuls/id/973527"}, {"name": "GLSA-201710-27", "tags": ["vendor-advisory", "x_refsource_GENTOO", "x_transferred"], "url": "https://security.gentoo.org/glsa/201710-27"}, {"name": "USN-3430-2", "tags": ["vendor-advisory", "x_refsource_UBUNTU", "x_transferred"], "url": "http://www.ubuntu.com/usn/USN-3430-2"}, {"name": "[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"}, {"name": "RHSA-2017:2836", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2836"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"}, {"name": "RHSA-2017:2837", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "https://access.redhat.com/errata/RHSA-2017:2837"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"}, {"name": "openSUSE-SU-2017:2633", "tags": ["vendor-advisory", "x_refsource_SUSE", "x_transferred"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"}, {"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"}, {"name": "[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.", "tags": ["mailing-list", "x_refsource_MLIST", "x_transferred"], "url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2017-14493", "datePublished": "2017-10-02T21:00:00", "dateReserved": "2017-09-15T00:00:00", "dateUpdated": "2024-08-05T19:27:40.669Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*", "matchCriteriaId": "B5A6F2F3-4894-4392-8296-3B8DD2679084", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*", "matchCriteriaId": "F7016A2A-8365-4F1A-89A2-7A19F2BCAE5B", "vulnerable": true}, {"criteria": "cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*", "matchCriteriaId": "588D4F37-0A56-47A4-B710-4D5F3D214FB9", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "16F59A04-14CF-49E2-9973-645477EA09DA", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "7B21E9A8-CE63-42C2-A11A-94D977A96DF1", "vulnerable": true}, {"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*", "matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*", "matchCriteriaId": "1EA337A3-B9A3-4962-B8BD-8E0C7C5B28EB", "vulnerable": true}, {"criteria": "cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*", "matchCriteriaId": "5F65DAB0-3DAD-49FF-BC73-3581CC3D5BF3", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "33C068A4-3780-4EAB-A937-6082DF847564", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "51EF4996-72F4-4FA4-814F-F5991E7A8318", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "825ECE2D-E232-46E0-A047-074B34DB1E97", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*", "matchCriteriaId": "B85D7A28-8CBA-4D77-AD30-DB3CA49F2F98", "versionEndIncluding": "2.77", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request."}, {"lang": "es", "value": "Un desbordamiento de b\u00fafer basado en pila en dnsmasq en versiones anteriores a la 2.78 permite a los atacantes provocar una denegaci\u00f3n de servicio (cierre inesperado) o ejecutar c\u00f3digo arbitrario mediante una petici\u00f3n DHCPv6 manipulada."}], "id": "CVE-2017-14493", "lastModified": "2024-11-21T03:12:54.433", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "PARTIAL", "baseScore": 7.5, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.4, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV30": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.0"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2017-10-03T01:29:02.077", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"}, {"source": "cve@mitre.org", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"}, {"source": "cve@mitre.org", "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=3d4ff1ba8419546490b464418223132529514033"}, {"source": "cve@mitre.org", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3989"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101085"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039474"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3430-1"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3430-2"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2836"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2837"}, {"source": "cve@mitre.org", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/security/vulnerabilities/3199382"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201710-27"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"}, {"source": "cve@mitre.org", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42943/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/973527"}, {"source": "cve@mitre.org", "url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"}, {"source": "cve@mitre.org", "url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Mailing List", "Third Party Advisory"], "url": "http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://nvidia.custhelp.com/app/answers/detail/a_id/4561"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Release Notes", "Vendor Advisory"], "url": "http://thekelleys.org.uk/dnsmasq/CHANGELOG"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=3d4ff1ba8419546490b464418223132529514033"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2017/dsa-3989"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/101085"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securitytracker.com/id/1039474"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3430-1"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "http://www.ubuntu.com/usn/USN-3430-2"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2836"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Patch", "Third Party Advisory"], "url": "https://access.redhat.com/errata/RHSA-2017:2837"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://access.redhat.com/security/vulnerabilities/3199382"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.gentoo.org/glsa/201710-27"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Exploit", "Third Party Advisory", "VDB Entry"], "url": "https://www.exploit-db.com/exploits/42943/"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory", "US Government Resource"], "url": "https://www.kb.cert.org/vuls/id/973527"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Third Party Advisory"], "url": "https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"acknowledgement": "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.", "affected_release": [{"advisory": "RHSA-2017:2836", "cpe": "cpe:/o:redhat:enterprise_linux:7", "package": "dnsmasq-0:2.76-2.el7_4.2", "product_name": "Red Hat Enterprise Linux 7", "release_date": "2017-10-02T00:00:00Z"}, {"advisory": "RHSA-2017:2837", "cpe": "cpe:/o:redhat:rhel_eus:7.2", "package": "dnsmasq-0:2.66-14.el7_2.2", "product_name": "Red Hat Enterprise Linux 7.2 Extended Update Support", "release_date": "2017-10-02T00:00:00Z"}, {"advisory": "RHSA-2017:2837", "cpe": "cpe:/o:redhat:rhel_eus:7.3", "package": "dnsmasq-0:2.66-21.el7_3.2", "product_name": "Red Hat Enterprise Linux 7.3 Extended Update Support", "release_date": "2017-10-02T00:00:00Z"}], "bugzilla": {"description": "dnsmasq: stack buffer overflow in the DHCPv6 code", "id": "1495411", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1495411"}, "csaw": true, "cvss": {"cvss_base_score": "8.3", "cvss_scoring_vector": "AV:A/AC:L/Au:N/C:C/I:C/A:C", "status": "verified"}, "cvss3": {"cvss3_base_score": "8.8", "cvss3_scoring_vector": "CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "status": "verified"}, "cwe": "CWE-121", "details": ["Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.", "A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code."], "name": "CVE-2017-14493", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/a:redhat:openstack:6", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)"}, {"cpe": "cpe:/a:redhat:openstack:7", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)"}, {"cpe": "cpe:/a:redhat:openstack:10", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat OpenStack Platform 10 (Newton)"}, {"cpe": "cpe:/a:redhat:openstack:11", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat OpenStack Platform 11 (Ocata)"}, {"cpe": "cpe:/a:redhat:openstack:12", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat OpenStack Platform 12 (Pike)"}, {"cpe": "cpe:/a:redhat:openstack:8", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat OpenStack Platform 8 (Liberty)"}, {"cpe": "cpe:/a:redhat:openstack:9", "fix_state": "Not affected", "package_name": "dnsmasq", "product_name": "Red Hat OpenStack Platform 9 (Mitaka)"}], "public_date": "2017-10-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2017-14493\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14493\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"], "statement": "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').", "threat_severity": "Critical", "upstream_fix": "dnsmasq 2.78"}