PT-2017-1001 · Simon Kelley+5 · Dnsmasq+5
Felix Wilhelm +4
Published: 2017-09-25
Updated: 2026-03-10
CVE-2017-14491
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
dnsmasq versions prior to 2.78
Description
The issue is a heap-based buffer overflow that can be triggered by a crafted DNS response, allowing remote attackers to cause a denial of service or execute arbitrary code. This can occur due to a missing bounds check in the do_rfc1035_name function of util.c, potentially leading to an out-of-bounds write. The exploitation of this issue does not require user interaction and can result in remote code execution, denial of service, or an out-of-memory situation.
Recommendations
For versions prior to 2.78, update to version 2.78 or later to resolve the issue. As a temporary workaround, consider restricting DNS response processing to minimize the risk of exploitation. Avoid using the do_rfc1035_name function in util.c until a patch is available.
Exploit
Fix
DoS
Memory Corruption
Heap Based Buffer Overflow
Affected products
Alt Linux
Centos
Red Hat
Suse
Ubuntu
Dnsmasq