{"id":"CVE-2017-14491","details":"Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.","aliases":["A-158221622","ASB-A-158221622"],"modified":"2026-04-02T00:03:28.265327Z","published":"2017-10-04T01:29:02.870Z","related":["MGASA-2017-0364","MGASA-2017-0367","SUSE-SU-2017:2616-1","SUSE-SU-2017:2617-1","SUSE-SU-2017:2618-1","SUSE-SU-2017:2619-1","openSUSE-SU-2024:10721-1"],"references":[{"type":"WEB","url":"http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc"},{"type":"WEB","url":"http://www.securityfocus.com/bid/101085"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/"},{"type":"WEB","url":"https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"},{"type":"WEB","url":"http://www.securitytracker.com/id/1039474"},{"type":"WEB","url":"http://www.securityfocus.com/bid/101977"},{"type":"WEB","url":"https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"},{"type":"ADVISORY","url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3989"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-27"},{"type":"ADVISORY","url":"https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"},{"type":"ADVISORY","url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4560"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2839"},{"type":"ADVISORY","url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561"},{"type":"ADVISORY","url":"http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en"},{"type":"ADVISORY","url":"https://www.debian.org/security/2017/dsa-3989"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2838"},{"type":"ADVISORY","url":"https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"},{"type":"ADVISORY","url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html"},{"type":"ADVISORY","url":"http://thekelleys.org.uk/dnsmasq/CHANGELOG"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3430-1"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2840"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/973527"},{"type":"ADVISORY","url":"https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2837"},{"type":"ADVISORY","url":"https://access.redhat.com/security/vulnerabilities/3199382"},{"type":"ADVISORY","url":"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2836"},{"type":"ADVISORY","url":"https://access.redhat.com/errata/RHSA-2017:2841"},{"type":"ADVISORY","url":"https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3430-2"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3430-3"},{"type":"FIX","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"},{"type":"EVIDENCE","url":"https://www.exploit-db.com/exploits/42941/"},{"type":"EVIDENCE","url":"http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/infrastructureservices/dnsmasq","events":[{"introduced":"0"},{"last_affected":"74ea91531a5f0c6ad8c4bcc5f6bda55bf2c2acb1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.77"}]}}],"versions":["v2.0","v2.1","v2.10","v2.11","v2.12","v2.13","v2.14","v2.15","v2.16","v2.17","v2.18","v2.19","v2.2","v2.20","v2.21","v2.22","v2.23","v2.24","v2.25","v2.26","v2.27","v2.28","v2.29","v2.3","v2.30","v2.31","v2.32","v2.33","v2.34","v2.35","v2.36","v2.37","v2.38","v2.39","v2.4","v2.40","v2.41","v2.42","v2.43","v2.44","v2.45","v2.46","v2.47","v2.48","v2.49","v2.5","v2.50","v2.51","v2.52","v2.53","v2.55","v2.56","v2.57","v2.58","v2.59","v2.6","v2.60","v2.60rc1","v2.60rc2","v2.60rc3","v2.60rc4","v2.60rc5","v2.60test10","v2.60test11","v2.60test12","v2.60test13","v2.60test14","v2.60test15","v2.60test16","v2.60test17","v2.60test18","v2.60test7","v2.60test8","v2.60test9","v2.61","v2.61rc1","v2.61rc2","v2.61rc3","v2.61rc4","v2.61test10","v2.61test11","v2.61test2","v2.61test3","v2.61test4","v2.61test5","v2.61test6","v2.61test7","v2.61test8","v2.61test9","v2.62","v2.62rc1","v2.62rc2","v2.62rc3","v2.62test1","v2.62test2","v2.62test3","v2.62test4","v2.63","v2.63rc1","v2.63rc2","v2.63rc3","v2.63rc4","v2.63rc5","v2.63rc6","v2.63test1","v2.63test2","v2.63test3","v2.64","v2.64rc1","v2.64rc2","v2.64rc3","v2.64test1","v2.64test2","v2.64test3","v2.64test4","v2.64test5","v2.64test6","v2.64test7","v2.65","v2.65test1","v2.65test2","v2.65test3","v2.65test4","v2.66","v2.66rc1","v2.66rc2","v2.66rc3","v2.66rc4","v2.66rc5","v2.66test1","v2.66test10","v2.66test11","v2.66test12","v2.66test13","v2.66test14","v2.66test15","v2.66test16","v2.66test17","v2.66test18","v2.66test19","v2.66test2","v2.66test20","v2.66test21","v2.66test22","v2.66test23","v2.66test3","v2.66test4","v2.66test5","v2.66test6","v2.66test7","v2.66test8","v2.66test9","v2.67","v2.67rc1","v2.67rc2","v2.67rc3","v2.67rc4","v2.67test1","v2.67test10","v2.67test11","v2.67test12","v2.67test13","v2.67test14","v2.67test15","v2.67test16","v2.67test17","v2.67test18","v2.67test2","v2.67test3","v2.67test4","v2.67test5","v2.67test6","v2.67test7","v2.67test8","v2.67test9","v2.68","v2.68rc1","v2.68rc2","v2.68rc3","v2.68rc4","v2.68rc5","v2.68test1","v2.68test2","v2.69","v2.69rc1","v2.69rc2","v2.69rc3","v2.69rc4","v2.69test1","v2.69test10","v2.69test11","v2.69test2","v2.69test3","v2.69test4","v2.69test5","v2.69test6","v2.69test7","v2.69test8","v2.69test9","v2.7","v2.70","v2.71","v2.71test1","v2.71test2","v2.72","v2.72rc1","v2.72rc2","v2.72test1","v2.72test2","v2.72test3","v2.73","v2.73rc1","v2.73rc10","v2.73rc2","v2.73rc3","v2.73rc4","v2.73rc5","v2.73rc6","v2.73rc7","v2.73rc8","v2.73rc9","v2.73test1","v2.73test2","v2.73test3","v2.73test4","v2.73test5","v2.73test6","v2.74","v2.74rc1","v2.74rc2","v2.74rc3","v2.74rc4","v2.74test1","v2.74test2","v2.75","v2.76","v2.76rc1","v2.76rc2","v2.76test1","v2.76test10","v2.76test11","v2.76test12","v2.76test13","v2.76test2","v2.76test3","v2.76test4","v2.76test5","v2.76test6","v2.76test7","v2.76test8","v2.76test9","v2.77","v2.77rc1","v2.77rc2","v2.77rc3","v2.77rc4","v2.77rc5","v2.77test1","v2.77test2","v2.77test3","v2.77test4","v2.77test5","v2.8","v2.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14491.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"12.04"}]},{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.04"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1"}]},{"events":[{"introduced":"0"},{"last_affected":"8.0"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"42.2"}]},{"events":[{"introduced":"0"},{"last_affected":"42.3"}]},{"events":[{"introduced":"0"},{"last_affected":"11-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"11-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"11-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"11-sp3"}]},{"events":[{"introduced":"0"},{"last_affected":"11-sp4"}]},{"events":[{"introduced":"0"},{"last_affected":"12"}]},{"events":[{"introduced":"0"},{"fixed":"r21.6"}]},{"events":[{"introduced":"0"},{"fixed":"r24.2.2"}]},{"events":[{"introduced":"3.0"},{"fixed":"3.10.0.55"}]},{"events":[{"introduced":"0"},{"fixed":"jimmy-al00ac00b135"}]},{"events":[{"introduced":"0"},{"last_affected":"4.15"}]},{"events":[{"introduced":"4.16"},{"fixed":"4.16.13m"}]},{"events":[{"introduced":"4.17"},{"fixed":"4.17.8m"}]},{"events":[{"introduced":"4.18"},{"last_affected":"4.18.4.2f"}]},{"events":[{"introduced":"0"},{"fixed":"5.0"}]},{"events":[{"introduced":"0"},{"fixed":"5.0"}]},{"events":[{"introduced":"0"},{"fixed":"5.0"}]},{"events":[{"introduced":"0"},{"fixed":"6.5.1.5"}]},{"events":[{"introduced":"6.3.1"},{"fixed":"6.3.1.25"}]},{"events":[{"introduced":"6.4.4.0"},{"fixed":"6.4.4.16"}]},{"events":[{"introduced":"6.5.0.0"},{"fixed":"6.5.1.9"}]},{"events":[{"introduced":"6.5.3.0"},{"fixed":"6.5.3.3"}]},{"events":[{"introduced":"6.5.4.0"},{"fixed":"6.5.4.2"}]},{"events":[{"introduced":"8.1.0.0"},{"fixed":"8.1.0.4"}]},{"events":[{"introduced":"0"},{"last_affected":"1.1"}]},{"events":[{"introduced":"0"},{"last_affected":"5.2"}]},{"events":[{"introduced":"0"},{"last_affected":"6.0"}]},{"events":[{"introduced":"0"},{"last_affected":"6.1"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}