CVE-2017-14496
Public on 2017-10-02
Modified on 2019-07-22
Description
An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.
Severity
Important
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | dnsmasq | 2017-10-02 | ALAS-2017-907 | Fixed |
| Amazon Linux 2 - Core | dnsmasq | 2019-07-18 | ALAS2-2019-1251 | Fixed |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv2 | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| Amazon Linux | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv2 | 7.8 | AV:N/AC:L/Au:N/C:N/I:N/A:C |
| NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |