CVE-2017-13704

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.78

Description The issue is related to insufficient size checking of DNS packets in the memset() function of the dnsmasq DNS server. This can be exploited by a remote attacker to cause a denial of service by sending specially crafted requests to port 53/udp. The exploitation leads to dnsmasq crashing due to an incorrect size parameter in a memset call, resulting in an attempt to write a large number of zeros.

Recommendations For versions prior to 2.78, update to version 2.78 or later to resolve the issue. As a temporary workaround, consider restricting access to the DNS server to minimize the risk of exploitation.