Public exploit available

Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2017-14496

CWE-191 CWE-190 — Integer Overflow CWE-125 — Out-of-bounds Read12 documents10 sources

Severity

7.5HIGH

EPSS

16.9%

top 5.04%

CISA KEV

Not in KEV

Exploit

PoC available

Public exploit / PoC exists

Affected products

Thekelleys Dnsmasq Canonical Ubuntu Linux Debian Debian Linux +5 more

Timeline

PublishedOct 3

Latest updateMay 14

Description

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages7 packages

▶Debiandnsmasq< 2.78-1+3

▶NVDthekelleys/dnsmasq2.77

▶NVDnovell/leap42.2, 42.3+1

▶NVDgoogle/android9 versions+8

▶NVDredhat/enterprise_linux_server7.0

Also affects: Debian Linux 7.0, 7.1, 9.0, Ubuntu Linux 14.04, 16.04, 17.04

Patches

Patch: access.redhat.com ↗Patch: access.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-68rc-w788-2jr7: Integer underflow in the add_pseudoheader function in dnsmasq before 2↗2022-05-14

▶

OSV

CVE-2017-14496: Integer underflow in the add_pseudoheader function in dnsmasq before 2↗2017-10-03

▶

CVEList

CVE-2017-14496: Integer underflow in the add_pseudoheader function in dnsmasq before 2↗2017-10-02

▶

💥Exploits & PoCs

Exploit-DB

Dnsmasq < 2.78 - Integer Underflow↗2017-10-02

▶

📋Vendor Advisories

Ubuntu

Dnsmasq vulnerabilities↗2017-10-03

▶

Red Hat

dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code↗2017-10-02

▶

Ubuntu

Dnsmasq vulnerabilities↗2017-10-02

▶

Android

CVE-2017-14496: Android Security Bulletin 2017-10-01 CVE: CVE-2017-14496 Severity: HIGH Type: RCE Affected AOSP versions: 4↗2017-10-01

▶

Debian

CVE-2017-14496: dnsmasq - Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when...↗2017

▶

💬Community

Bugzilla

CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496 dnsmasq: various flaws [fedora-all]↗2017-10-02

▶

Bugzilla

CVE-2017-14496 dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code↗2017-09-26

▶