CVE-2017-14491
- Source
- https://cve.org/CVERecord?id=CVE-2017-14491
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14491.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2017-14491
- Aliases
-
- A-158221622
- ASB-A-158221622
- Downstream
- Related
- Published
- 2017-10-04T01:29:02.870Z
- Modified
- 2026-03-14T14:26:26.353110Z
- Severity
-
- 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
- References
-
- http://www.securityfocus.com/bid/101085
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
- http://www.securitytracker.com/id/1039474
- http://www.securityfocus.com/bid/101977
- https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html
- https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html
- http://www.ubuntu.com/usn/USN-3430-1
- http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449
- http://nvidia.custhelp.com/app/answers/detail/a_id/4560
- https://access.redhat.com/errata/RHSA-2017:2840
- https://security.gentoo.org/glsa/201710-27
- https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html
- http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en
- http://www.ubuntu.com/usn/USN-3430-3
- https://access.redhat.com/errata/RHSA-2017:2838
- https://access.redhat.com/errata/RHSA-2017:2839
- https://access.redhat.com/errata/RHSA-2017:2841
- https://access.redhat.com/errata/RHSA-2017:2836
- https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html
- http://nvidia.custhelp.com/app/answers/detail/a_id/4561
- http://thekelleys.org.uk/dnsmasq/CHANGELOG
- http://www.debian.org/security/2017/dsa-3989
- http://www.ubuntu.com/usn/USN-3430-2
- https://access.redhat.com/security/vulnerabilities/3199382
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html
- http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
- https://access.redhat.com/errata/RHSA-2017:2837
- https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/
- https://www.debian.org/security/2017/dsa-3989
- https://www.kb.cert.org/vuls/id/973527
- https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
- https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
- http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html
- https://www.exploit-db.com/exploits/42941/
Affected packages
Git / github.com/infrastructureservices/dnsmasq
Affected versions
v2.*
v2.0
v2.1
v2.10
v2.11
v2.12
v2.13
v2.14
v2.15
v2.16
v2.17
v2.18
v2.19
v2.2
v2.20
v2.21
v2.22
v2.23
v2.24
v2.25
v2.26
v2.27
v2.28
v2.29
v2.3
v2.30
v2.31
v2.32
v2.33
v2.34
v2.35
v2.36
v2.37
v2.38
v2.39
v2.4
v2.40
v2.41
v2.42
v2.43
v2.44
v2.45
v2.46
v2.47
v2.48
v2.49
v2.5
v2.50
v2.51
v2.52
v2.53
v2.55
v2.56
v2.57
v2.58
v2.59
v2.6
v2.60
v2.60rc1
v2.60rc2
v2.60rc3
v2.60rc4
v2.60rc5
v2.60test10
v2.60test11
v2.60test12
v2.60test13
v2.60test14
v2.60test15
v2.60test16
v2.60test17
v2.60test18
v2.60test7
v2.60test8
v2.60test9
v2.61
v2.61rc1
v2.61rc2
v2.61rc3
v2.61rc4
v2.61test10
v2.61test11
v2.61test2
v2.61test3
v2.61test4
v2.61test5
v2.61test6
v2.61test7
v2.61test8
v2.61test9
v2.62
v2.62rc1
v2.62rc2
v2.62rc3
v2.62test1
v2.62test2
v2.62test3
v2.62test4
v2.63
v2.63rc1
v2.63rc2
v2.63rc3
v2.63rc4
v2.63rc5
v2.63rc6
v2.63test1
v2.63test2
v2.63test3
v2.64
v2.64rc1
v2.64rc2
v2.64rc3
v2.64test1
v2.64test2
v2.64test3
v2.64test4
v2.64test5
v2.64test6
v2.64test7
v2.65test1
v2.65test2
v2.65test3
v2.65test4
v2.66
v2.66rc1
v2.66rc2
v2.66rc3
v2.66rc4
v2.66rc5
v2.66test1
v2.66test10
v2.66test11
v2.66test12
v2.66test13
v2.66test14
v2.66test15
v2.66test16
v2.66test17
v2.66test18
v2.66test19
v2.66test2
v2.66test20
v2.66test21
v2.66test22
v2.66test23
v2.66test3
v2.66test4
v2.66test5
v2.66test6
v2.66test7
v2.66test8
v2.66test9
v2.67
v2.67rc1
v2.67rc2
v2.67rc3
v2.67rc4
v2.67test1
v2.67test10
v2.67test11
v2.67test12
v2.67test13
v2.67test14
v2.67test15
v2.67test16
v2.67test17
v2.67test18
v2.67test2
v2.67test3
v2.67test4
v2.67test5
v2.67test6
v2.67test7
v2.67test8
v2.67test9
v2.68
v2.68rc1
v2.68rc2
v2.68rc3
v2.68rc4
v2.68rc5
v2.68test1
v2.68test2
v2.69
v2.69rc1
v2.69rc2
v2.69rc3
v2.69rc4
v2.69test1
v2.69test10
v2.69test11
v2.69test2
v2.69test3
v2.69test4
v2.69test5
v2.69test6
v2.69test7
v2.69test8
v2.69test9
v2.7
v2.70
v2.71
v2.71test1
v2.71test2
v2.72
v2.72rc1
v2.72rc2
v2.72test1
v2.72test2
v2.72test3
v2.73
v2.73rc1
v2.73rc10
v2.73rc2
v2.73rc3
v2.73rc4
v2.73rc5
v2.73rc6
v2.73rc7
v2.73rc8
v2.73rc9
v2.73test1
v2.73test2
v2.73test3
v2.73test4
v2.73test5
v2.73test6
v2.74
v2.74rc1
v2.74rc2
v2.74rc3
v2.74rc4
v2.74test1
v2.74test2
v2.75
v2.76
v2.76rc1
v2.76rc2
v2.76test1
v2.76test10
v2.76test11
v2.76test12
v2.76test13
v2.76test2
v2.76test3
v2.76test4
v2.76test5
v2.76test6
v2.76test7
v2.76test8
v2.76test9
v2.77
v2.77rc1
v2.77rc2
v2.77rc3
v2.77rc4
v2.77rc5
v2.77test1
v2.77test2
v2.77test3
v2.77test4
v2.77test5
v2.8
v2.9
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "14.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "16.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "17.04"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "7.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "9.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "42.3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11-sp3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11-sp4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11-sp3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11-sp3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "11-sp4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "12"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "r21.6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "r24.2.2"
}
]
},
{
"events": [
{
"introduced": "3.0"
},
{
"fixed": "3.10.0.55"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "jimmy-al00ac00b135"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "4.15"
}
]
},
{
"events": [
{
"introduced": "4.16"
},
{
"fixed": "4.16.13m"
}
]
},
{
"events": [
{
"introduced": "4.17"
},
{
"fixed": "4.17.8m"
}
]
},
{
"events": [
{
"introduced": "4.18"
},
{
"last_affected": "4.18.4.2f"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "5.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"fixed": "6.5.1.5"
}
]
},
{
"events": [
{
"introduced": "6.3.1"
},
{
"fixed": "6.3.1.25"
}
]
},
{
"events": [
{
"introduced": "6.4.4.0"
},
{
"fixed": "6.4.4.16"
}
]
},
{
"events": [
{
"introduced": "6.5.0.0"
},
{
"fixed": "6.5.1.9"
}
]
},
{
"events": [
{
"introduced": "6.5.3.0"
},
{
"fixed": "6.5.3.3"
}
]
},
{
"events": [
{
"introduced": "6.5.4.0"
},
{
"fixed": "6.5.4.2"
}
]
},
{
"events": [
{
"introduced": "8.1.0.0"
},
{
"fixed": "8.1.0.4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "1.1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "5.2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "6.1"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2017-14491.json"