| Vulnerability Name: | CVE-2017-13704 (CCN-132930) | ||||||||||||||||
| Assigned: | 2017-10-02 | ||||||||||||||||
| Published: | 2017-10-02 | ||||||||||||||||
| Updated: | 2018-05-11 | ||||||||||||||||
| Summary: | In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. | ||||||||||||||||
| CVSS v3 Severity: | 7.5 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H) 6.5 Medium (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
6.5 Medium (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H/E:U/RL:O/RC:C)
| ||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P)
| ||||||||||||||||
| Vulnerability Type: | CWE-20 | ||||||||||||||||
| Vulnerability Consequences: | Denial of Service | ||||||||||||||||
| References: | Source: MITRE Type: CNA CVE-2017-13704 Source: CCN Type: SECTRACK ID: 1039474 Dnsmasq Multiple Flaws Let Remote Users Execute Arbitrary Code, Deny Service, and Obtain Potentially Sensitive Information Source: CONFIRM Type: Release Notes, Vendor Advisory http://thekelleys.org.uk/dnsmasq/CHANGELOG Source: CONFIRM Type: Patch, Vendor Advisory http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 Source: CCN Type: IBM Security Bulletin T1026488 (Cloud Manager with Openstack) Multiple security vulnerabilities in dnsmasq affect IBM Cloud Manager with OpenStack Source: CCN Type: US-CERT VU#973527 Dnsmasq contains multiple vulnerabilities Source: BID Type: Third Party Advisory, VDB Entry 101085 Source: CCN Type: BID-101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities Source: BID Type: UNKNOWN 101977 Source: CCN Type: BID-101977 Multiple Siemens SCALANCE Products Multiple Security Vulnerabilities Source: SECTRACK Type: Third Party Advisory, VDB Entry 1039474 Source: CCN Type: dnsmasq Web site dnsmasq Source: CONFIRM Type: Issue Tracking, Third Party Advisory https://access.redhat.com/security/vulnerabilities/3199382 Source: CCN Type: Siemens Security Advisory SSA-689071 DNSMasq Vulnerabilities in SCALANCE W1750D, SCALANCE M800 and SCALANCE S615 Source: CONFIRM Type: UNKNOWN https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf Source: XF Type: UNKNOWN dnsmasq-cve201713704-dos(132930) Source: FEDORA Type: Third Party Advisory FEDORA-2017-274d763ed8 Source: MISC Type: Third Party Advisory https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html Source: MLIST Type: Mailing List, Third Party Advisory [dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION. Source: MLIST Type: Mailing List, Third Party Advisory [dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78. Source: CONFIRM Type: UNKNOWN https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq | ||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration 2:  Denotes that component is vulnerable | ||||||||||||||||
| Oval Definitions | |||||||||||||||||
| |||||||||||||||||
| BACK | |||||||||||||||||