Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2017-14495

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

Related bugs and status

CVE-2017-14495 (Candidate) is related to these bugs:

Bug #1721063: vulnerability in dnsmasq

		In	Importance	Status
1721063	vulnerability in dnsmasq	neutron	Undecided	Won't Fix
1721063	vulnerability in dnsmasq	OpenStack Security Advisory	Undecided	Won't Fix
1721063	vulnerability in dnsmasq	OpenStack Security Notes	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MLIST: [dnsmasq-discuss] 2017...
MLIST: [dnsmasq-discuss] 2017...
MISC: https://security.googl...
CONFIRM: http://thekelleys.org....
CONFIRM: http://thekelleys.org....
SECTRACK: 1039474
EXPLOIT-DB: 42945
BID: 101085
CONFIRM: https://access.redhat....
DEBIAN: DSA-3989
REDHAT: RHSA-2017:2836
SUSE: openSUSE-SU-2017:2633
UBUNTU: USN-3430-1
UBUNTU: USN-3430-2
CERT-VN: VU#973527
CONFIRM: http://nvidia.custhelp...
GENTOO: GLSA-201710-27
BID: 101977
CONFIRM: https://www.synology.c...
CONFIRM: http://www.arubanetwor...
CONFIRM: https://cert-portal.si...