PT-2019-2911 · Dnsmasq+2 · Dnsmasq+2

Samuel R Lovejoy

Publicado

2016-05-20

Atualizado

2023-03-03

CVE-2019-14513

CVSS v2.0

7.8

Alta

Vetor

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Dnsmasq versions prior to 2.76

Description The issue is related to improper bounds checking in the do doctor function of the Dnsmasq DNS server, which can lead to a buffer overflow in memory. This can be exploited by a remote attacker who controls a DNS server, allowing them to cause a denial of service or execute arbitrary code when the DNS server sends a specially crafted response larger than 4096 bytes.

Recommendations For versions prior to 2.76, update to version 2.76 or later to resolve the issue. As a temporary workaround, consider restricting the size of DNS packets to prevent exploitation until a patch is applied.

Exploit

Correção

Out of bounds Read

Buffer Overflow

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-125CWE-119

Identificadores relacionados

ALT-PU-2016-1523

BDU:2019-02883

CVE-2019-14513

DLA-1921-1

USN-4924-1

Produtos afetados

Alt Linux

Dnsmasq

Ubuntu

PT-2019-2911 · Dnsmasq+2 · Dnsmasq+2

CVE-2019-14513

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 17