PT-2019-2911 · Dnsmasq+2 · Dnsmasq+2

Samuel R Lovejoy

Published

2016-05-20

Updated

2023-03-03

CVE-2019-14513

CVSS v2.0

7.8

High

Vector

AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions Dnsmasq versions prior to 2.76

Description The issue is related to improper bounds checking in the do doctor function of the Dnsmasq DNS server, which can lead to a buffer overflow in memory. This can be exploited by a remote attacker who controls a DNS server, allowing them to cause a denial of service or execute arbitrary code when the DNS server sends a specially crafted response larger than 4096 bytes.

Recommendations For versions prior to 2.76, update to version 2.76 or later to resolve the issue. As a temporary workaround, consider restricting the size of DNS packets to prevent exploitation until a patch is applied.

Exploit

Fix

Out of bounds Read

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-125CWE-119

Related Identifiers

ALT-PU-2016-1523

BDU:2019-02883

CVE-2019-14513

DLA-1921-1

USN-4924-1

Affected Products

Alt Linux

Dnsmasq

Ubuntu

PT-2019-2911 · Dnsmasq+2 · Dnsmasq+2

CVE-2019-14513

Weakness Enumeration

Related Identifiers

Affected Products

References · 17