{"vuid":"VU#973527","idnumber":"973527","name":"Dnsmasq contains multiple vulnerabilities","keywords":["dns","dnsmasq","buffer overflow"],"overview":"Dnsmasq versions 2.77 and earlier contain multiple vulnerabilities.","clean_desc":"Multiple vulnerabilities have been reported in dnsmasq. CWE-122: Heap-based Buffer Overflow - CVE-2017-14491 CWE-122: Heap-based Buffer Overflow - CVE-2017-14492 CWE-121: Stack-based Buffer Overflow - CVE-2017-14493 CWE-200: Information Exposure - CVE-2017-14494 CWE-400: Uncontrolled Resource Consumption ('Resource Exhaustion') - CVE-2017-14495 CWE-191: Integer Underflow - CVE-2017-14496 Please see the Google Security blog post for additional information.","impact":"Dnsmasq is a widely used piece of open-source software. These vulnerabilities can be triggered remotely via DNS and DHCP protocols and can lead to remote code execution, information exposure, and denial of service. In some cases an attacker would need to induce one or more DNS requests.","resolution":"Apply an Update\ndnsmasq version 2.78 has been released to address these vulnerabilities.","workarounds":"","sysaffected":"","thanks":"Thanks to Felix Wilhelm, Fermin J. Serna, Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team for reporting this vulnerability.","author":"This document was written by Trent Novelly.","public":["http://www.thekelleys.org.uk/dnsmasq/doc.html","https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"],"cveids":["CVE-2017-14491","CVE-2017-14492","CVE-2017-14493","CVE-2017-14494","CVE-2017-14495","CVE-2017-14496"],"certadvisory":"","uscerttechnicalalert":null,"datecreated":"2017-09-25T15:58:28Z","publicdate":"2017-10-02T00:00:00Z","datefirstpublished":"2017-10-02T20:37:29Z","dateupdated":"2018-02-02T14:16:28Z","revision":26,"vrda_d1_directreport":"1","vrda_d1_population":"","vrda_d1_impact":"","cam_widelyknown":"0","cam_exploitation":"0","cam_internetinfrastructure":"0","cam_population":"0","cam_impact":"0","cam_easeofexploitation":"0","cam_attackeraccessrequired":"0","cam_scorecurrent":"0","cam_scorecurrentwidelyknown":"0","cam_scorecurrentwidelyknownexploited":"0","ipprotocol":"","cvss_accessvector":"N","cvss_accesscomplexity":"L","cvss_authentication":null,"cvss_confidentialityimpact":"C","cvss_integrityimpact":"C","cvss_availabilityimpact":"C","cvss_exploitablity":null,"cvss_remediationlevel":"OF","cvss_reportconfidence":"C","cvss_collateraldamagepotential":"ND","cvss_targetdistribution":"H","cvss_securityrequirementscr":"ND","cvss_securityrequirementsir":"ND","cvss_securityrequirementsar":"ND","cvss_basescore":"10","cvss_basevector":"AV:N/AC:L/Au:N/C:C/I:C/A:C","cvss_temporalscore":"8.7","cvss_environmentalscore":"8.6952104064","cvss_environmentalvector":"CDP:ND/TD:H/CR:ND/IR:ND/AR:ND","metric":0.0,"vulnote":null}