Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-14494

CWE-200 — Information Exposure CWE-125 — Out-of-bounds Read11 documents9 sources

Severity

5.9MEDIUM

EPSS

11.0%

top 6.58%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Thekelleys Dnsmasq Canonical Ubuntu Linux Debian Debian Linux +4 more

Timeline

PublishedOct 3

Latest updateMay 14

Description

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

CVSS vector

CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:NExploitability: 2.2 | Impact: 3.6

Affected Packages6 packages

▶Debiandnsmasq< 2.78-1+3

▶NVDthekelleys/dnsmasq2.77

▶NVDnovell/leap42.2, 42.3+1

▶NVDredhat/enterprise_linux_server7.0

▶NVDredhat/enterprise_linux_desktop7.0

Also affects: Debian Linux 7.0, 7.1, 9.0, Ubuntu Linux 14.04, 16.04, 17.04

Patches

Patch: access.redhat.com ↗Patch: access.redhat.com ↗Patch: access.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-p5vm-j7g2-h6cx: dnsmasq before 2↗2022-05-14

▶

OSV

CVE-2017-14494: dnsmasq before 2↗2017-10-03

▶

CVEList

CVE-2017-14494: dnsmasq before 2↗2017-10-02

▶

💥Exploits & PoCs

Exploit-DB

Dnsmasq < 2.78 - Information Leak↗2017-10-02

▶

📋Vendor Advisories

Ubuntu

Dnsmasq vulnerabilities↗2017-10-03

▶

Red Hat

dnsmasq: information leak in the DHCPv6 relay code↗2017-10-02

▶

Ubuntu

Dnsmasq vulnerabilities↗2017-10-02

▶

Debian

CVE-2017-14494: dnsmasq - dnsmasq before 2.78, when configured as a relay, allows remote attackers to obta...↗2017

▶

💬Community

Bugzilla

CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 dnsmasq: various flaws [fedora-all]↗2017-10-02

▶

Bugzilla

CVE-2017-14494 dnsmasq: information leak in the DHCPv6 relay code↗2017-09-26

▶