PT-2019-6270 · Simon Kelley+7 · Dnsmasq+7

Dhananjay Arunesh

Publicado

2019-08-14

Atualizado

2025-08-11

CVE-2019-14834

CVSS v2.0

4.3

Média

Vetor

AV:N/AC:M/Au:N/C:N/I:N/A:P

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.81

Description A memory leak in dnsmasq allows remote attackers to cause a denial of service via vectors involving DHCP response creation. The issue is related to the create helper() function in the /src/helper.c component of the DNS server, which is associated with unlimited memory allocation. This enables a remote attacker to exploit the vulnerability using a specially crafted DHCP response, leading to memory consumption and a denial of service.

Recommendations For versions prior to 2.81, update to version 2.81 or later to resolve the issue. As a temporary workaround, consider restricting access to the DHCP response creation functionality to minimize the risk of exploitation.

Correção

DoS

Allocation of Resources Without Limits

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Enumeração de Fraquezas

CWE-770

Identificadores relacionados

ALT-PU-2020-1712

ALT-PU-2021-1167

ALT-PU-2021-1217

BDU:2022-06243

CESA-2020_1715

CESA-2020_3878

CVE-2019-14834

MGASA-2019-0392

OPENSUSE-SU-2019:2669-1

OPENSUSE-SU-2019_2669-1

OPENSUSE-SU-2024:10721-1

RHSA-2020:1715

RHSA-2020:3878

RHSA-2020_1715

RHSA-2020_3878

SUSE-SU-2019:3188-1

SUSE-SU-2019:3189-1

SUSE-SU-2020:0419-1

SUSE-SU-2020_0419-1

SUSE-SU-2021:14603-1

SUSE-SU-2021_14603-1

USN-4698-1

USN-4698-2

USN-7689-1

Produtos afetados

Alt Linux

Astra Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Dnsmasq

PT-2019-6270 · Simon Kelley+7 · Dnsmasq+7

CVE-2019-14834

Enumeração de Fraquezas

Identificadores relacionados

Produtos afetados

Referências · 71