CVE-2017-14492
Public on 2017-10-02
Modified on 2019-07-22
Description
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.
Severity
Critical
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | dnsmasq | 2017-10-02 | ALAS-2017-907 | Fixed |
| Amazon Linux 2 - Core | dnsmasq | 2019-07-18 | ALAS2-2019-1251 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 8.3 | AV:A/AC:L/Au:N/C:C/I:C/A:C |
| Amazon Linux | CVSSv3 | 8.8 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| NVD | CVSSv3 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |