ByteOS Network

CVE Vulnerability Details :

CVE-2017-14491

PUBLISHED

More Info Official Page

Assigner-mitre

Assigner Org ID-8254265b-2729-46b6-b9e3-3dfca2d5bfca

Published At-02 Oct, 2017 | 21:00

Updated At-05 Aug, 2024 | 19:27

▼CVE Numbering Authority (CNA)

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Affected Products

Vendor

n/a

Product

n/a

Versions

Affected

Problem Types

Type	CWE ID	Description
text	N/A	n/a

Type: text

CWE ID: N/A

Description: n/a

References

Hyperlink	Resource
http://www.securitytracker.com/id/1039474	vdb-entry x_refsource_SECTRACK
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq	x_refsource_CONFIRM
http://www.debian.org/security/2017/dsa-3989	vendor-advisory x_refsource_DEBIAN
https://access.redhat.com/security/vulnerabilities/3199382	x_refsource_CONFIRM
http://www.securityfocus.com/bid/101085	vdb-entry x_refsource_BID
http://www.ubuntu.com/usn/USN-3430-1	vendor-advisory x_refsource_UBUNTU
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc	x_refsource_CONFIRM
http://www.securityfocus.com/bid/101977	vdb-entry x_refsource_BID
https://access.redhat.com/errata/RHSA-2017:2838	vendor-advisory x_refsource_REDHAT
https://www.kb.cert.org/vuls/id/973527	third-party-advisory x_refsource_CERT-VN
https://security.gentoo.org/glsa/201710-27	vendor-advisory x_refsource_GENTOO
https://access.redhat.com/errata/RHSA-2017:2840	vendor-advisory x_refsource_REDHAT
http://www.ubuntu.com/usn/USN-3430-2	vendor-advisory x_refsource_UBUNTU
https://access.redhat.com/errata/RHSA-2017:2839	vendor-advisory x_refsource_REDHAT
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html	mailing-list x_refsource_MLIST
https://access.redhat.com/errata/RHSA-2017:2836	vendor-advisory x_refsource_REDHAT
http://nvidia.custhelp.com/app/answers/detail/a_id/4561	x_refsource_CONFIRM
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2837	vendor-advisory x_refsource_REDHAT
https://www.exploit-db.com/exploits/42941/	exploit x_refsource_EXPLOIT-DB
http://thekelleys.org.uk/dnsmasq/CHANGELOG	x_refsource_CONFIRM
https://access.redhat.com/errata/RHSA-2017:2841	vendor-advisory x_refsource_REDHAT
http://nvidia.custhelp.com/app/answers/detail/a_id/4560	x_refsource_CONFIRM
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html	vendor-advisory x_refsource_SUSE
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html	x_refsource_MISC
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html	mailing-list x_refsource_MLIST
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/	vendor-advisory x_refsource_FEDORA
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/	vendor-advisory x_refsource_FEDORA
http://www.ubuntu.com/usn/USN-3430-3	vendor-advisory x_refsource_UBUNTU
http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html	x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html	vendor-advisory x_refsource_SUSE
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/	x_refsource_CONFIRM
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en	x_refsource_CONFIRM
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449	x_refsource_CONFIRM
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/	vendor-advisory x_refsource_FEDORA
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html	vendor-advisory x_refsource_SUSE
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html	vendor-advisory x_refsource_SUSE
https://www.debian.org/security/2017/dsa-3989	vendor-advisory x_refsource_DEBIAN
https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30	x_refsource_MISC

Hyperlink: http://www.securitytracker.com/id/1039474

Resource:

vdb-entry

x_refsource_SECTRACK

Hyperlink: https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.debian.org/security/2017/dsa-3989

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://access.redhat.com/security/vulnerabilities/3199382

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/101085

Resource:

vdb-entry

x_refsource_BID

Hyperlink: http://www.ubuntu.com/usn/USN-3430-1

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.securityfocus.com/bid/101977

Resource:

vdb-entry

x_refsource_BID

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2838

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://www.kb.cert.org/vuls/id/973527

Resource:

third-party-advisory

x_refsource_CERT-VN

Hyperlink: https://security.gentoo.org/glsa/201710-27

Resource:

vendor-advisory

x_refsource_GENTOO

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2840

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://www.ubuntu.com/usn/USN-3430-2

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2839

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2836

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2837

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: https://www.exploit-db.com/exploits/42941/

Resource:

exploit

x_refsource_EXPLOIT-DB

Hyperlink: http://thekelleys.org.uk/dnsmasq/CHANGELOG

Resource:

x_refsource_CONFIRM

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2841

Resource:

vendor-advisory

x_refsource_REDHAT

Hyperlink: http://nvidia.custhelp.com/app/answers/detail/a_id/4560

Resource:

x_refsource_CONFIRM

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Resource:

x_refsource_MISC

Hyperlink: https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html

Resource:

mailing-list

x_refsource_MLIST

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf

Resource:

x_refsource_CONFIRM

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://www.ubuntu.com/usn/USN-3430-3

Resource:

vendor-advisory

x_refsource_UBUNTU

Hyperlink: http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html

Resource:

x_refsource_MISC

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/

Resource:

x_refsource_CONFIRM

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en

Resource:

x_refsource_CONFIRM

Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449

Resource:

x_refsource_CONFIRM

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/

Resource:

vendor-advisory

x_refsource_FEDORA

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html

Resource:

vendor-advisory

x_refsource_SUSE

Hyperlink: https://www.debian.org/security/2017/dsa-3989

Resource:

vendor-advisory

x_refsource_DEBIAN

Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30

Resource:

x_refsource_MISC

▼Authorized Data Publishers (ADP)

CVE Program Container

References

Hyperlink	Resource
http://www.securitytracker.com/id/1039474	vdb-entry x_refsource_SECTRACK x_transferred
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq	x_refsource_CONFIRM x_transferred
http://www.debian.org/security/2017/dsa-3989	vendor-advisory x_refsource_DEBIAN x_transferred
https://access.redhat.com/security/vulnerabilities/3199382	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/101085	vdb-entry x_refsource_BID x_transferred
http://www.ubuntu.com/usn/USN-3430-1	vendor-advisory x_refsource_UBUNTU x_transferred
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc	x_refsource_CONFIRM x_transferred
http://www.securityfocus.com/bid/101977	vdb-entry x_refsource_BID x_transferred
https://access.redhat.com/errata/RHSA-2017:2838	vendor-advisory x_refsource_REDHAT x_transferred
https://www.kb.cert.org/vuls/id/973527	third-party-advisory x_refsource_CERT-VN x_transferred
https://security.gentoo.org/glsa/201710-27	vendor-advisory x_refsource_GENTOO x_transferred
https://access.redhat.com/errata/RHSA-2017:2840	vendor-advisory x_refsource_REDHAT x_transferred
http://www.ubuntu.com/usn/USN-3430-2	vendor-advisory x_refsource_UBUNTU x_transferred
https://access.redhat.com/errata/RHSA-2017:2839	vendor-advisory x_refsource_REDHAT x_transferred
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html	mailing-list x_refsource_MLIST x_transferred
https://access.redhat.com/errata/RHSA-2017:2836	vendor-advisory x_refsource_REDHAT x_transferred
http://nvidia.custhelp.com/app/answers/detail/a_id/4561	x_refsource_CONFIRM x_transferred
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2017:2837	vendor-advisory x_refsource_REDHAT x_transferred
https://www.exploit-db.com/exploits/42941/	exploit x_refsource_EXPLOIT-DB x_transferred
http://thekelleys.org.uk/dnsmasq/CHANGELOG	x_refsource_CONFIRM x_transferred
https://access.redhat.com/errata/RHSA-2017:2841	vendor-advisory x_refsource_REDHAT x_transferred
http://nvidia.custhelp.com/app/answers/detail/a_id/4560	x_refsource_CONFIRM x_transferred
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html	vendor-advisory x_refsource_SUSE x_transferred
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html	x_refsource_MISC x_transferred
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html	mailing-list x_refsource_MLIST x_transferred
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf	x_refsource_CONFIRM x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/	vendor-advisory x_refsource_FEDORA x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/	vendor-advisory x_refsource_FEDORA x_transferred
http://www.ubuntu.com/usn/USN-3430-3	vendor-advisory x_refsource_UBUNTU x_transferred
http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html	x_refsource_MISC x_transferred
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html	vendor-advisory x_refsource_SUSE x_transferred
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/	x_refsource_CONFIRM x_transferred
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en	x_refsource_CONFIRM x_transferred
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449	x_refsource_CONFIRM x_transferred
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/	vendor-advisory x_refsource_FEDORA x_transferred
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html	vendor-advisory x_refsource_SUSE x_transferred
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html	vendor-advisory x_refsource_SUSE x_transferred
https://www.debian.org/security/2017/dsa-3989	vendor-advisory x_refsource_DEBIAN x_transferred
https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30	x_refsource_MISC x_transferred

Hyperlink: http://www.securitytracker.com/id/1039474

Resource:

vdb-entry

x_refsource_SECTRACK

x_transferred

Hyperlink: https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.debian.org/security/2017/dsa-3989

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: https://access.redhat.com/security/vulnerabilities/3199382

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/101085

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-3430-1

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.securityfocus.com/bid/101977

Resource:

vdb-entry

x_refsource_BID

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2838

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://www.kb.cert.org/vuls/id/973527

Resource:

third-party-advisory

x_refsource_CERT-VN

x_transferred

Hyperlink: https://security.gentoo.org/glsa/201710-27

Resource:

vendor-advisory

x_refsource_GENTOO

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2840

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-3430-2

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2839

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2836

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://nvidia.custhelp.com/app/answers/detail/a_id/4561

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2837

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: https://www.exploit-db.com/exploits/42941/

Resource:

exploit

x_refsource_EXPLOIT-DB

x_transferred

Hyperlink: http://thekelleys.org.uk/dnsmasq/CHANGELOG

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://access.redhat.com/errata/RHSA-2017:2841

Resource:

vendor-advisory

x_refsource_REDHAT

x_transferred

Hyperlink: http://nvidia.custhelp.com/app/answers/detail/a_id/4560

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html

Resource:

mailing-list

x_refsource_MLIST

x_transferred

Hyperlink: https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://www.ubuntu.com/usn/USN-3430-3

Resource:

vendor-advisory

x_refsource_UBUNTU

x_transferred

Hyperlink: http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html

Resource:

x_refsource_MISC

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449

Resource:

x_refsource_CONFIRM

x_transferred

Hyperlink: https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/

Resource:

vendor-advisory

x_refsource_FEDORA

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html

Resource:

vendor-advisory

x_refsource_SUSE

x_transferred

Hyperlink: https://www.debian.org/security/2017/dsa-3989

Resource:

vendor-advisory

x_refsource_DEBIAN

x_transferred

Hyperlink: https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30

Resource:

x_refsource_MISC

x_transferred

Affected Products

Affected

Problem Types

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References

Affected Products

Metrics

Metrics Other Info

Impacts

Solutions

Configurations

Workarounds

Exploits

Credits

Timeline

Replaced By

Rejected Reason

References