CVE-2019-14834

Public on 2020-01-07
Modified on 2020-12-17
Description
A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory leak may cause the process to run out of memory and terminate, causing a denial of service.
Severity
Low severity
Low
CVSS v3 Base Score
3.7
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 dnsmasq 2020-12-16 ALAS-2020-1458 Fixed
Amazon Linux 2 - Core dnsmasq 2020-10-22 ALAS2-2020-1507 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 3.7 CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L
NVD CVSSv2 4.3 AV:N/AC:M/Au:N/C:N/I:N/A:P
NVD CVSSv3 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L