Vulnerability Details : CVE-2017-14492
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
Vulnerability category: OverflowExecute codeDenial of service
Exploit prediction scoring system (EPSS) score for CVE-2017-14492
Probability of exploitation activity in the next 30 days: 94.28%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 99 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2017-14492
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Source |
|---|---|---|---|---|---|
|
7.5
|
HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
10.0
|
6.4
|
[email protected] |
|
9.8
|
CRITICAL | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
3.9
|
5.9
|
[email protected] |
CWE ids for CVE-2017-14492
-
The product performs operations on a memory buffer, but it can read from or write to a memory location that is outside of the intended boundary of the buffer.Assigned by: [email protected] (Primary)
References for CVE-2017-14492
-
http://www.ubuntu.com/usn/USN-3430-2
Third Party Advisory
-
http://www.debian.org/security/2017/dsa-3989
Third Party Advisory
- https://security.gentoo.org/glsa/201710-27
-
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
Issue Tracking;Mailing List;Third Party Advisory
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
-
https://www.kb.cert.org/vuls/id/973527
Third Party Advisory;US Government Resource
-
https://www.mail-archive.com/[email protected]/msg11664.html
Mailing List;Third Party Advisory
-
https://access.redhat.com/security/vulnerabilities/3199382
Issue Tracking;Third Party Advisory
-
http://www.securityfocus.com/bid/101085
Third Party Advisory;VDB Entry
- https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
-
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=24036ea507862c7b7898b68289c8130f85599c10
Third Party Advisory
-
http://www.securitytracker.com/id/1039474
Third Party Advisory;VDB Entry
-
https://access.redhat.com/errata/RHSA-2017:2836
Patch;Third Party Advisory
-
https://www.mail-archive.com/[email protected]/msg11665.html
Mailing List;Third Party Advisory
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561
-
http://thekelleys.org.uk/dnsmasq/CHANGELOG
Release Notes;Vendor Advisory
-
https://www.exploit-db.com/exploits/42942/
Third Party Advisory;VDB Entry
-
http://www.ubuntu.com/usn/USN-3430-1
Third Party Advisory
-
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
Third Party Advisory
-
https://access.redhat.com/errata/RHSA-2017:2837
Patch;Third Party Advisory
Products affected by CVE-2017-14492
- cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
- cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
- cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*