CVE-2017-15107Improperly Implemented Security Check for Standard in Dnsmasq

CWE-358Improperly Implemented Security Check for Standard10 documents8 sources
Severity
7.5HIGHNVD
EPSS
0.0%
top 92.88%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Thekelleys DnsmasqSimon Kelley Dnsmasq
Timeline
PublishedJan 23
Latest updateMay 13

Description

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:NExploitability: 3.9 | Impact: 3.6

Affected Packages4 packages

Debianthekelleys/dnsmasq< 2.79-1+3
Ubuntuthekelleys/dnsmasq< 2.75-1ubuntu0.16.04.10
CVEListV5simon_kelley/dnsmasqup to and including 2.78

🔴Vulnerability Details

4
GHSA
GHSA-f999-2m22-345j: A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 22022-05-13
OSV
dnsmasq vulnerabilities2021-04-22
OSV
CVE-2017-15107: A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 22018-01-23
CVEList
CVE-2017-15107: A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 22018-01-23

📋Vendor Advisories

3
Ubuntu
Dnsmasq vulnerabilities2021-04-22
Red Hat
dnsmasq: Improper validation of wildcard synthesized NSEC records2018-01-19
Debian
CVE-2017-15107: dnsmasq - A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and i...2017

💬Community

2
Bugzilla
CVE-2017-15107 dnsmasq: Improper validation of wildcard synthesized NSEC records [fedora-all]2018-01-22
Bugzilla
CVE-2017-15107 dnsmasq: Improper validation of wildcard synthesized NSEC records2017-11-07
CVE-2017-15107 — Thekelleys Dnsmasq vulnerability | cvebase