{"id":"ASB-A-158221622","details":"In do_rfc1035_name of util.c, there is a possible out of bounds write due to a missing bounds check. This could lead to remote code execution when processing a malicious DNS server response with no additional execution privileges needed. User interaction is not needed for exploitation.","aliases":["A-158221622","CVE-2017-14491"],"modified":"2026-04-10T16:16:18.068628Z","published":"2021-03-01T00:00:00Z","references":[{"type":"ADVISORY","url":"https://source.android.com/security/bulletin/2021-03-01"},{"type":"FIX","url":"https://android.googlesource.com/platform/external/dnsmasq/+/10ba39da6b98043989b1a604f533d5b647ee7bda"}],"affected":[{"package":{"name":"platform/external/dnsmasq","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"8.1:0"},{"fixed":"8.1:2021-03-01"}]}],"versions":["8.1"],"ecosystem_specific":{"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"],"severity":"High","spl":"2021-03-01","vanir_signatures":[{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"162458565224829946421372831959483740881","length":6861},"id":"ASB-A-158221622-0344eb18","target":{"file":"src/rfc2131.c","function":"do_options"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["217854428117377674532267996039918772013","43648120592988253730034854790366781738","57386962300981428208846294219822354215","304154459154909846645163256841724404608","224974808018684562648974000672839772330","325194588541423036781836077957232910978","309096648165111573009863075609262180544","80396104491959126564777430550221699938","8578127251865709711860861532392201544","169449122588333765233019457523052333646","331151991182132876839916014651964821013","152420965880575586992244532992219438036","151693177419669467383946400561150163540","31215056461053245086313977829873081171","178514967562334984426913672967038853655","144780977323774009524308345230588164888","51868118088969149951287384131595214351","14055316489066247351492265426245748070","103418073411632660715848744222145949351","250456744722504721118021849494472325686","57247964364990005774468515776074086444","15599859052964189394407928238828937286","53251924311417110324001553212674332926","316336033049206856395795390507318045956","160445757600701167799093436761065311868","171407625005635586175844966113814790838","214578575678500296817519669206509174188","13076961297668213645678333445923651741","220948153173605541237095624607890097697","50796571979299064715830277666305298702","186634340679100759055250054347394627677","260058977475281412703727539129161786235","199837888849012419145090425936477804066","41103398534407436600778553430567535131","188961978046561843530620875163856389301","291620234575402167848259853717980807454","301048879624348813421128866477630129462","268078213131837158958054204753854687147","150726096376309782868356282109631542144","322278473870866034300562448626380895154","273893577181609265186390183692724110550","330189309478950794296916335380975834073","4340055482170932120388764464133992748","195314304563003861451704894980967567755","302349116585490409328581135906903145840","162335286663681041107221213470136103984","199194420458341360863478119460906650896","168251393976060736762550743855089531120","338519390552415198169683564395371135407","160387967427261454983567205194816812459"]},"id":"ASB-A-158221622-16ab25f8","target":{"file":"src/rfc1035.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["132042513747029753654950249268879540507","126901818832190287849067236166539256379","128327396168134251452861278688767791756","28848303327666793749125375779172742835","307847417026219077737274622817937680250","154238861895709870974426123225833263390","197641506503504348314223819268446352433","278252406156417547971748352370358190424","143071973790399233996553095901262450362","104044610199258243271745676366951781041","95969651691789652040695707777706086491"]},"id":"ASB-A-158221622-60ba5241","target":{"file":"src/util.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["32536974151175546352236820138741518712","207646895399757484443368230252900344273","54675262604085585448261549738853773141","75013338563002493111625771299861669832"]},"id":"ASB-A-158221622-686df127","target":{"file":"src/dnsmasq.h"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["133399028408336107379483603308129307468","339755853067845683964278642577791022682","64764052426668362163728741826650423600","166437949055073491130106315388908484102","101083139149393101380667559522027589921","313118125519799017854563810870969450547"]},"id":"ASB-A-158221622-75524386","target":{"file":"src/rfc2131.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"301401926471252861698321039039331984585","length":295},"id":"ASB-A-158221622-e7f23bda","target":{"file":"src/util.c","function":"do_rfc1035_name"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158221622.json"}},{"package":{"name":"platform/external/dnsmasq","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"9:0"},{"fixed":"9:2021-03-01"}]}],"versions":["9"],"ecosystem_specific":{"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"],"severity":"High","spl":"2021-03-01","vanir_signatures":[{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"301401926471252861698321039039331984585","length":295},"id":"ASB-A-158221622-0de6b284","target":{"file":"src/util.c","function":"do_rfc1035_name"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"162458565224829946421372831959483740881","length":6861},"id":"ASB-A-158221622-55884840","target":{"file":"src/rfc2131.c","function":"do_options"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["133399028408336107379483603308129307468","339755853067845683964278642577791022682","64764052426668362163728741826650423600","166437949055073491130106315388908484102","101083139149393101380667559522027589921","313118125519799017854563810870969450547"]},"id":"ASB-A-158221622-62865ed4","target":{"file":"src/rfc2131.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["217854428117377674532267996039918772013","43648120592988253730034854790366781738","57386962300981428208846294219822354215","304154459154909846645163256841724404608","224974808018684562648974000672839772330","325194588541423036781836077957232910978","309096648165111573009863075609262180544","80396104491959126564777430550221699938","8578127251865709711860861532392201544","169449122588333765233019457523052333646","331151991182132876839916014651964821013","152420965880575586992244532992219438036","151693177419669467383946400561150163540","31215056461053245086313977829873081171","178514967562334984426913672967038853655","144780977323774009524308345230588164888","51868118088969149951287384131595214351","14055316489066247351492265426245748070","103418073411632660715848744222145949351","250456744722504721118021849494472325686","57247964364990005774468515776074086444","15599859052964189394407928238828937286","53251924311417110324001553212674332926","316336033049206856395795390507318045956","160445757600701167799093436761065311868","171407625005635586175844966113814790838","214578575678500296817519669206509174188","13076961297668213645678333445923651741","220948153173605541237095624607890097697","50796571979299064715830277666305298702","186634340679100759055250054347394627677","260058977475281412703727539129161786235","199837888849012419145090425936477804066","41103398534407436600778553430567535131","188961978046561843530620875163856389301","291620234575402167848259853717980807454","301048879624348813421128866477630129462","268078213131837158958054204753854687147","150726096376309782868356282109631542144","322278473870866034300562448626380895154","273893577181609265186390183692724110550","330189309478950794296916335380975834073","4340055482170932120388764464133992748","195314304563003861451704894980967567755","302349116585490409328581135906903145840","162335286663681041107221213470136103984","199194420458341360863478119460906650896","168251393976060736762550743855089531120","338519390552415198169683564395371135407","160387967427261454983567205194816812459"]},"id":"ASB-A-158221622-730f5eb1","target":{"file":"src/rfc1035.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["32536974151175546352236820138741518712","207646895399757484443368230252900344273","54675262604085585448261549738853773141","75013338563002493111625771299861669832"]},"id":"ASB-A-158221622-89187252","target":{"file":"src/dnsmasq.h"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["132042513747029753654950249268879540507","126901818832190287849067236166539256379","128327396168134251452861278688767791756","28848303327666793749125375779172742835","307847417026219077737274622817937680250","154238861895709870974426123225833263390","197641506503504348314223819268446352433","278252406156417547971748352370358190424","143071973790399233996553095901262450362","104044610199258243271745676366951781041","95969651691789652040695707777706086491"]},"id":"ASB-A-158221622-cff2c227","target":{"file":"src/util.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/303ca2733ad5d3994cd728dc09f0cd2d2417b4f3"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158221622.json"}},{"package":{"name":"platform/external/dnsmasq","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"10:0"},{"fixed":"10:2021-03-01"}]}],"versions":["10"],"ecosystem_specific":{"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"],"severity":"High","spl":"2021-03-01","vanir_signatures":[{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["2393832294460207506455356201121214719","1638661168393819073534228807670522003","207190577059766435777475983468507136088","207506601627527498187252390255768500181","223327283728248363640070729941531384226"]},"id":"ASB-A-158221622-20fb12c1","target":{"file":"src/rfc2131.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["32536974151175546352236820138741518712","207646895399757484443368230252900344273","54675262604085585448261549738853773141","75013338563002493111625771299861669832"]},"id":"ASB-A-158221622-5593d378","target":{"file":"src/dnsmasq.h"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["217854428117377674532267996039918772013","36132878024688571983446260084484059464","105339482368999494887802954674943862084","327515867854188473538696844128462025330","321725004099758794497075724839069532971","309096648165111573009863075609262180544","6020877017987241309335148471723097710","263045324710632496433027244551237464518","173812342196669733581330259071702623770","249072087868749935939564005106888602989","31215056461053245086313977829873081171","178514967562334984426913672967038853655","144780977323774009524308345230588164888","51868118088969149951287384131595214351","14055316489066247351492265426245748070","103418073411632660715848744222145949351","250456744722504721118021849494472325686","57247964364990005774468515776074086444","15599859052964189394407928238828937286","53251924311417110324001553212674332926","316336033049206856395795390507318045956","160445757600701167799093436761065311868","171407625005635586175844966113814790838","214578575678500296817519669206509174188","13076961297668213645678333445923651741","131123863960050177167932866741363129089","160182064988688580016306401266685620216","159182280549022970349592896586397268848","260058977475281412703727539129161786235","199837888849012419145090425936477804066","41103398534407436600778553430567535131","188961978046561843530620875163856389301","291620234575402167848259853717980807454","35214522144815992430888815473278416503","60430241211830127844812425551703616459","255704853578068086475969010354690637812","202449508865028993870205619788290606888","273893577181609265186390183692724110550","330189309478950794296916335380975834073","4340055482170932120388764464133992748","195314304563003861451704894980967567755","302349116585490409328581135906903145840","24014084304464386653939171758140813846","289355252321653085214004065053319852963","16715491826526190782043685149759744263","44345470189972663709022213664900801471"]},"id":"ASB-A-158221622-60561896","target":{"file":"src/rfc1035.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"301401926471252861698321039039331984585","length":295},"id":"ASB-A-158221622-65c38db8","target":{"file":"src/util.c","function":"do_rfc1035_name"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["66059968515983766595588356657807968741","93552314553962141108908128600409916038","99166625873620284453094629846079119101","71919248373557547058448304497520927462","22467582611022025635742056393101486576","256010237104318986458659613585421189154","17814034393420125245472311605543773764","258820809828615559735777116102843363751"]},"id":"ASB-A-158221622-757d90d1","target":{"file":"src/util.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"162458565224829946421372831959483740881","length":6861},"id":"ASB-A-158221622-ef2a47f8","target":{"file":"src/rfc2131.c","function":"do_options"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158221622.json"}},{"package":{"name":"platform/external/dnsmasq","ecosystem":"Android"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"11:0"},{"fixed":"11:2021-03-01"}]}],"versions":["11"],"ecosystem_specific":{"types":["RCE"],"fixes":["https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"],"severity":"High","spl":"2021-03-01","vanir_signatures":[{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"162458565224829946421372831959483740881","length":6861},"id":"ASB-A-158221622-027a97af","target":{"file":"src/rfc2131.c","function":"do_options"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["66059968515983766595588356657807968741","93552314553962141108908128600409916038","99166625873620284453094629846079119101","71919248373557547058448304497520927462","22467582611022025635742056393101486576","256010237104318986458659613585421189154","17814034393420125245472311605543773764","258820809828615559735777116102843363751"]},"id":"ASB-A-158221622-0f5cf732","target":{"file":"src/util.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["217854428117377674532267996039918772013","36132878024688571983446260084484059464","105339482368999494887802954674943862084","327515867854188473538696844128462025330","321725004099758794497075724839069532971","309096648165111573009863075609262180544","6020877017987241309335148471723097710","263045324710632496433027244551237464518","173812342196669733581330259071702623770","249072087868749935939564005106888602989","31215056461053245086313977829873081171","178514967562334984426913672967038853655","144780977323774009524308345230588164888","51868118088969149951287384131595214351","14055316489066247351492265426245748070","103418073411632660715848744222145949351","250456744722504721118021849494472325686","57247964364990005774468515776074086444","15599859052964189394407928238828937286","53251924311417110324001553212674332926","316336033049206856395795390507318045956","160445757600701167799093436761065311868","171407625005635586175844966113814790838","214578575678500296817519669206509174188","13076961297668213645678333445923651741","131123863960050177167932866741363129089","160182064988688580016306401266685620216","159182280549022970349592896586397268848","260058977475281412703727539129161786235","199837888849012419145090425936477804066","41103398534407436600778553430567535131","188961978046561843530620875163856389301","291620234575402167848259853717980807454","35214522144815992430888815473278416503","60430241211830127844812425551703616459","255704853578068086475969010354690637812","202449508865028993870205619788290606888","273893577181609265186390183692724110550","330189309478950794296916335380975834073","4340055482170932120388764464133992748","195314304563003861451704894980967567755","302349116585490409328581135906903145840","24014084304464386653939171758140813846","289355252321653085214004065053319852963","16715491826526190782043685149759744263","44345470189972663709022213664900801471"]},"id":"ASB-A-158221622-61694ac2","target":{"file":"src/rfc1035.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["32536974151175546352236820138741518712","207646895399757484443368230252900344273","54675262604085585448261549738853773141","75013338563002493111625771299861669832"]},"id":"ASB-A-158221622-76c8650e","target":{"file":"src/dnsmasq.h"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Function","signature_version":"v1","digest":{"function_hash":"301401926471252861698321039039331984585","length":295},"id":"ASB-A-158221622-7ae78c03","target":{"file":"src/util.c","function":"do_rfc1035_name"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"},{"deprecated":false,"signature_type":"Line","signature_version":"v1","digest":{"threshold":0.9,"line_hashes":["2393832294460207506455356201121214719","1638661168393819073534228807670522003","207190577059766435777475983468507136088","207506601627527498187252390255768500181","223327283728248363640070729941531384226"]},"id":"ASB-A-158221622-9f01be69","target":{"file":"src/rfc2131.c"},"source":"https://android.googlesource.com/platform/external/dnsmasq/+/2c415e570aed0b955698238a274a50f3ffa4892e"}]},"database_specific":{"source":"https://storage.googleapis.com/android-osv/ASB-A-158221622.json"}}],"schema_version":"1.7.5"}