Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-14496

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

Related bugs and status

CVE-2017-14496 (Candidate) is related to these bugs:

Bug #1721063: vulnerability in dnsmasq

		In	Importance	Status
1721063	vulnerability in dnsmasq	neutron	Undecided	Won't Fix
1721063	vulnerability in dnsmasq	OpenStack Security Advisory	Undecided	Won't Fix
1721063	vulnerability in dnsmasq	OpenStack Security Notes	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [dnsmasq-discuss] 2017...
MLIST: [dnsmasq-discuss] 2017...
MISC: https://security.googl...
CONFIRM: http://thekelleys.org....
CONFIRM: http://thekelleys.org....
CONFIRM: https://source.android...
SECTRACK: 1039474
EXPLOIT-DB: 42946
BID: 101085
CONFIRM: https://access.redhat....
DEBIAN: DSA-3989
REDHAT: RHSA-2017:2836
SUSE: openSUSE-SU-2017:2633
UBUNTU: USN-3430-1
UBUNTU: USN-3430-2
CERT-VN: VU#973527
CONFIRM: http://nvidia.custhelp...
GENTOO: GLSA-201710-27
BID: 101977
CONFIRM: https://www.synology.c...
CONFIRM: http://www.arubanetwor...
CONFIRM: https://cert-portal.si...