Launchpad CVE tracker

CVE 2017-13704

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

Related bugs and status

CVE-2017-13704 (Candidate) is related to these bugs:

Bug #1721063: vulnerability in dnsmasq

		In	Importance	Status
1721063	vulnerability in dnsmasq	neutron	Undecided	Won't Fix
1721063	vulnerability in dnsmasq	OpenStack Security Advisory	Undecided	Won't Fix
1721063	vulnerability in dnsmasq	OpenStack Security Notes	Undecided	Fix Released

Bug #1741271: Please backport CVE-2017-13704 fix from dnsmasq 2.78 to 2.76 for Newton cloud-archive

		In	Importance	Status
1741271	Please backport CVE-2017-13704 fix from dnsmasq 2.78 to 2.76 for Newton cloud-archive	Ubuntu Cloud Archive	High	Fix Released
1741271	Please backport CVE-2017-13704 fix from dnsmasq 2.78 to 2.76 for Newton cloud-archive	Ubuntu Cloud Archive newton	Undecided	Invalid
1741271	Please backport CVE-2017-13704 fix from dnsmasq 2.78 to 2.76 for Newton cloud-archive	Ubuntu Cloud Archive ocata	Undecided	Invalid

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2017-13704

References