Overview
Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities.
Description
Multiple vulnerabilities have been reported in dnsmasq. CWE-122: Heap-based Buffer Overflow - CVE-2017-14491 |
Impact
Dnsmasq is a widely used piece of open-source software. These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service. In some cases an attacker would need to induce one or more DNS requests. |
Solution
Apply an Update |
Vendor Information
Ruckus Wireless
Notified: September 25, 2017 Updated: February 02, 2018
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
https://www.ruckuswireless.com/security
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Technicolor
Updated: October 18, 2017
Statement Date: October 18, 2017
Status
Affected
Vendor Statement
We issued a security bulletin through the FIRST mailing list.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
ZyXEL
Notified: September 25, 2017 Updated: February 02, 2018
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Vendor References
https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
dnsmasq
Notified: September 25, 2017 Updated: October 02, 2017
Status
Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Brocade Communication Systems
Notified: September 25, 2017 Updated: February 02, 2018
Status
Not Affected
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Vendor Information
We are not aware of further vendor information regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
3com Inc
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
ACCESS
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
AT&T
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Actiontec
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Aerohive
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Alcatel-Lucent
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Amazon
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Android Open Source Project
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Apple
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Arch Linux
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Arista Networks, Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Aruba Networks
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
AsusTek Computer Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Avaya, Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Belkin, Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Broadcom
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CA Technologies
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Check Point Software Technologies
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Cisco
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CoreOS
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
D-Link Systems, Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Debian GNU/Linux
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Dell
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
DesktopBSD
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Devicescape
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
DragonFly BSD Project
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
EMC Corporation
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
EfficientIP SAS
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Ericsson
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Espressif Systems
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Extreme Networks
Notified: September 26, 2017 Updated: September 26, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
F5 Networks, Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Fedora Project
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Force10 Networks
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
FreeBSD Project
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
GNU glibc
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
HTC
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
HardenedBSD
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hewlett Packard Enterprise
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Hitachi
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Huawei Technologies
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
IBM, INC.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Infoblox
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Intel Corporation
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Internet Systems Consortium
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Internet Systems Consortium - DHCP
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Joyent
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Juniper Networks
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Lenovo
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
McAfee
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
MediaTek
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Medtronic
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Microsoft Corporation
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Motorola, Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NEC Corporation
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
NetBSD
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Netgear, Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nokia
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Nominum
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OmniTI
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenBSD
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
OpenDNS
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Openwall GNU/*/Linux
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Oracle Corporation
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Peplink
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Philips Electronics
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
PowerDNS
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Pulse Secure
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
QNX Software Systems Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
QUALCOMM Incorporated
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Quantenna Communications
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Red Hat, Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SUSE Linux
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SafeNet
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Samsung Mobile
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Secure64 Software Corporation
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sierra Wireless
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Slackware Linux Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
SmoothWall
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Snort
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sony Corporation
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sophos, Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Sourcefire
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Symantec
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
TippingPoint Technologies Inc.
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Toshiba Commerce Solutions
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
TrueOS
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Turbolinux
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Ubiquiti Networks
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Ubuntu
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Unisys
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
VMware
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Wind River
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
Zebra Technologies
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
m0n0wall
Notified: September 25, 2017 Updated: September 25, 2017
Status
Unknown
Vendor Statement
No statement is currently available from the vendor regarding this vulnerability.
Addendum
There are no additional comments at this time.
If you have feedback, comments, or additional information about this vulnerability, please send us email.
CVSS Metrics
| Group | Score | Vector |
|---|---|---|
| Base | 10.0 | AV:N/AC:L/Au:N/C:C/I:C/A:C |
| Temporal | 8.7 | E:H/RL:OF/RC:C |
| Environmental | 8.7 | CDP:ND/TD:H/CR:ND/IR:ND/AR:ND |
References
Credit
Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team for reporting this vulnerability.
This document was written by Trent Novelly.
Other Information
| CVE IDs: | CVE-2017-14491, CVE-2017-14492, CVE-2017-14493, CVE-2017-14494, CVE-2017-14495, CVE-2017-14496 |
| Date Public: | 2017-10-02 |
| Date First Published: | 2017-10-02 |
| Date Last Updated: | 2018-02-02 14:16 UTC |
| Document Revision: | 25 |