PT-2019-6270 · Simon Kelley+7 · Dnsmasq+7

Dhananjay Arunesh

+1

·

Published

2019-08-14

·

Updated

2025-08-11

·

CVE-2019-14834

CVSS v2.0

4.3

Medium

VectorAV:N/AC:M/Au:N/C:N/I:N/A:P
Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.81
Description A memory leak in dnsmasq allows remote attackers to cause a denial of service via vectors involving DHCP response creation. The issue is related to the create helper() function in the /src/helper.c component of the DNS server, which is associated with unlimited memory allocation. This enables a remote attacker to exploit the vulnerability using a specially crafted DHCP response, leading to memory consumption and a denial of service.
Recommendations For versions prior to 2.81, update to version 2.81 or later to resolve the issue. As a temporary workaround, consider restricting access to the DHCP response creation functionality to minimize the risk of exploitation.

Fix

DoS

Allocation of Resources Without Limits

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-770

Related Identifiers

ALT-PU-2020-1712
ALT-PU-2021-1167
ALT-PU-2021-1217
BDU:2022-06243
CESA-2020_1715
CESA-2020_3878
CVE-2019-14834
MGASA-2019-0392
OPENSUSE-SU-2019:2669-1
OPENSUSE-SU-2019_2669-1
OPENSUSE-SU-2024:10721-1
RHSA-2020:1715
RHSA-2020:3878
RHSA-2020_1715
RHSA-2020_3878
SUSE-SU-2019:3188-1
SUSE-SU-2019:3189-1
SUSE-SU-2020:0419-1
SUSE-SU-2020_0419-1
SUSE-SU-2021:14603-1
SUSE-SU-2021_14603-1
USN-4698-1
USN-4698-2
USN-7689-1

Affected Products

Alt Linux
Astra Linux
Centos
Linuxmint
Red Hat
Suse
Ubuntu
Dnsmasq