CVE-2019-14834
Published 2020-01-07
Priority P4 · 14 · low · 3.7 · CVSS 3.1
AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
EPSS: 2.66% (83.8th percentile)
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
Affected
17 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dnsmasq | < dnsmasq 2.81-1 (bookworm) | dnsmasq 2.81-1 (bookworm) |
| fedoraproject | fedora | — | — |
| msrc | cbl_mariner_1.0_arm | — | — |
| msrc | cbl_mariner_1.0_x64 | — | — |
| msrc | cm1_dnsmasq_2.79-11_on_cbl_mariner_1.0 | — | — |
| the_dnsmasq_project | dnsmasq | — | — |
| thekelleys | dnsmasq | < 2.81 | 2.81 |
| thekelleys | dnsmasq | >= 0 < 2.81-1 | 2.81-1 |
| thekelleys | dnsmasq | >= 0 < 2.81-1 | 2.81-1 |
| thekelleys | dnsmasq | >= 0 < 2.81-1 | 2.81-1 |
| thekelleys | dnsmasq | >= 0 < 2.81-1 | 2.81-1 |
| thekelleys | dnsmasq | >= 0 < 2.75-1ubuntu0.16.04.7 | 2.75-1ubuntu0.16.04.7 |
| thekelleys | dnsmasq | >= 0 < 2.75-1ubuntu0.16.04.8 | 2.75-1ubuntu0.16.04.8 |
| thekelleys | dnsmasq | >= 0 < 2.79-1ubuntu0.2 | 2.79-1ubuntu0.2 |
| thekelleys | dnsmasq | >= 0 < 2.79-1ubuntu0.3 | 2.79-1ubuntu0.3 |
| thekelleys | dnsmasq | >= 0 < 2.80-1.1ubuntu1.2 | 2.80-1.1ubuntu1.2 |
| thekelleys | dnsmasq | >= 0 < 2.80-1.1ubuntu1.3 | 2.80-1.1ubuntu1.3 |
CVSS provenance
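| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 3.7 | LOW | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | v3.0 | 3.7 | LOW | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L |
| nvd | v2.0 | 4.3 | MEDIUM | AV:N/AC:M/Au:N/C:N/I:N/A:P |
| osv | | 3.7 | LOW | |
| vendor_debian | | 3.7 | LOW | |
| vendor_msrc | | 3.7 | LOW | |
| vendor_redhat | | 3.7 | LOW | |
| vendor_ubuntu | | 3.7 | LOW | |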
Ubuntu
Dnsmasq vulnerability
vendor_ubuntu·2025-08-11
CVE-2019-14834 Dnsmasq vulnerability
Title: Dnsmasq vulnerability
Summary: Dnsmasq could be made to crash if it received specially crafted network
traffic.
Xu Mingjie discovered that Dnsmasq did not correctly handle certain memory
operations. A remote attacker could possibly use this issue to cause a
denial of service.
Instructions: After a standard system update you need to restart dnsmasq to make
all the necessary changes.
Ubuntu
Dnsmasq regression
vendor_ubuntu·2021-02-24·CVSS 3.7
[LOW] Dnsmasq regression
Title: Dnsmasq regression
Summary: USN-4698-1 introduced regressions in Dnsmasq.
USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced
regressions in certain environments related to issues with multiple
queries, and issues with retries. This update fixes the problem.
Original advisory details:
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
memory when sorting RRsets. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25681, CVE-2020-25687)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
extracting certain names. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
Ubuntu
Dnsmasq vulnerabilities
vendor_ubuntu·2021-01-19·CVSS 3.7
CVE-2020-25684 [LOW] Dnsmasq vulnerabilities
Title: Dnsmasq vulnerabilities
Summary: Several security issues were fixed in Dnsmasq.
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
memory when sorting RRsets. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25681, CVE-2020-25687)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
extracting certain names. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25682, CVE-2020-25683)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly
implemented address/port checks. A remote attacker could use this issue to
perform a cache poisoning attack.
Microsoft
A vulnerability was found in dnsmasq before version 2.81 where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
vendor_msrc·2020-01-14·CVSS 3.7
CVE-2019-14834 [LOW] CWE-770 A vulnerability was found in dnsmasq before version 2.81 where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the C
Red Hat
dnsmasq: memory leak in the create_helper() function in /src/helper.c
vendor_redhat·2019-10-23·CVSS 3.7
CVE-2019-14834 [LOW] CWE-770 dnsmasq: memory leak in the create_helper() function in /src/helper.c
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory leak may cause the process to run out of memory and terminate, causing a denial of service.
Statement: In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from
Debian
CVE-2019-14834: dnsmasq - A vulnerability was found in dnsmasq before version 2.81, where the memory leak ...
vendor_debian·2019·CVSS 3.7
CVE-2019-14834 [LOW] CVE-2019-14834: dnsmasq - A vulnerability was found in dnsmasq before version 2.81, where the memory leak ...
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
Scope: local
bookworm: resolved (fixed in 2.81-1)
bullseye: resolved (fixed in 2.81-1)
forky: resolved (fixed in 2.81-1)
sid: resolved (fixed in 2.81-1)
trixie: resolved (fixed in 2.81-1)
GHSA
GHSA-rwmq-3523-q2pg: A vulnerability was found in dnsmasq before version 2
ghsa_unreviewed·2022-05-24
CVE-2019-14834 [MEDIUM] CWE-770 GHSA-rwmq-3523-q2pg: A vulnerability was found in dnsmasq before version 2
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
OSV
dnsmasq regression
osv·2021-02-24·CVSS 3.7
[LOW] dnsmasq regression
USN-4698-1 fixed vulnerabilities in Dnsmasq. The updates introduced
regressions in certain environments related to issues with multiple
queries, and issues with retries. This update fixes the problem.
Original advisory details:
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
memory when sorting RRsets. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25681, CVE-2020-25687)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
extracting certain names. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25682, CVE-2020-25683)
Moshe Kol an
OSV
dnsmasq vulnerabilities
osv·2021-01-19·CVSS 3.7
CVE-2020-25681 [LOW] dnsmasq vulnerabilities
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
memory when sorting RRsets. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25681, CVE-2020-25687)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly handled
extracting certain names. A remote attacker could use this issue to cause
Dnsmasq to hang, resulting in a denial of service, or possibly execute
arbitrary code. (CVE-2020-25682, CVE-2020-25683)
Moshe Kol and Shlomi Oberman discovered that Dnsmasq incorrectly
implemented address/port checks. A remote attacker could use this issue to
perform a cache poisoning attack. (CVE-2020-25684)
Moshe Kol and Shlomi Oberman discovered that
OSV
CVE-2019-14834: A vulnerability was found in dnsmasq before version 2
osv·2020-01-07·CVSS 3.7
CVE-2019-14834 [LOW] CVE-2019-14834: A vulnerability was found in dnsmasq before version 2
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2019-14834 dnsmasq: memory leak in in a infinite while(1) loop in the create_helper() function in /src/helper.c [fedora-all]
bugzilla·2019-10-23·CVSS 3.7
CVE-2019-14834 [LOW] CVE-2019-14834 dnsmasq: memory leak in in a infinite while(1) loop in the create_helper() function in /src/helper.c [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
N
Bugzilla
CVE-2019-14834 dnsmasq: memory leak in the create_helper() function in /src/helper.c
bugzilla·2019-10-23·CVSS 3.7
CVE-2019-14834 [LOW] CVE-2019-14834 dnsmasq: memory leak in the create_helper() function in /src/helper.c
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
Upstream patch:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
References:
http://www.thekelleys.org.uk/dnsmasq/doc.html
Discussion:
Created dnsmasq tracking bugs for this issue:
Affects: fedora-all [bug 1764426]
---
Statement:
In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform's version is therefore unused, pleas
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=69bc94779c2f035a9fffdb5327a54c3aeca73ed5
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2019-14834
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/JU474LT66BHNVFG5C4GEV3VTZNAEJ3BS/
2020-01-07
Published