Vulnerability Note VU#973527
Dnsmasq contains multiple vulnerabilities
Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities.
Multiple vulnerabilities have been reported in dnsmasq.
CWE-122: Heap-based Buffer Overflow - CVE-2017-14491
Dnsmasq is a widely used piece of open-source software. These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service. In some cases an attacker would need to induce one or more DNS requests.
Apply an Update
Vendor Information (Learn More)
|Vendor||Status||Date Notified||Date Updated|
|dnsmasq||Affected||25 Sep 2017||02 Oct 2017|
|Technicolor||Affected||-||18 Oct 2017|
|3com Inc||Unknown||25 Sep 2017||25 Sep 2017|
|ACCESS||Unknown||25 Sep 2017||25 Sep 2017|
|Actiontec||Unknown||25 Sep 2017||25 Sep 2017|
|Aerohive||Unknown||25 Sep 2017||25 Sep 2017|
|Alcatel-Lucent||Unknown||25 Sep 2017||25 Sep 2017|
|Amazon||Unknown||25 Sep 2017||25 Sep 2017|
|Android Open Source Project||Unknown||25 Sep 2017||25 Sep 2017|
|Apple||Unknown||25 Sep 2017||25 Sep 2017|
|Arch Linux||Unknown||25 Sep 2017||25 Sep 2017|
|Arista Networks, Inc.||Unknown||25 Sep 2017||25 Sep 2017|
|Aruba Networks||Unknown||25 Sep 2017||25 Sep 2017|
|AsusTek Computer Inc.||Unknown||25 Sep 2017||25 Sep 2017|
|AT&T||Unknown||25 Sep 2017||25 Sep 2017|
CVSS Metrics (Learn More)
Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team for reporting this vulnerability.
This document was written by Trent Novelly.
- CVE IDs: CVE-2017-14491 CVE-2017-14492 CVE-2017-14493 CVE-2017-14494 CVE-2017-14495 CVE-2017-14496
- Date Public: 02 Oct 2017
- Date First Published: 02 Oct 2017
- Date Last Updated: 18 Oct 2017
- Document Revision: 21
If you have feedback, comments, or additional information about this vulnerability, please send us email.