- Home
- CVEs with nessus.description==Security Fix(es) :
- A heap buffer overflow was found in dnsmasq in the code
responsible for building DNS replies. An attacker could
send crafted DNS packets to dnsmasq which would cause it
to crash or, potentially, execute arbitrary code.
(CVE-2017-14491)
- A heap buffer overflow was discovered in dnsmasq in the
IPv6 router advertisement (RA) handling code. An
attacker on the local network segment could send crafted
RAs to dnsmasq which would cause it to crash or,
potentially, execute arbitrary code. This issue only
affected configurations using one of these options:
enable-ra, ra-only, slaac, ra- names, ra-advrouter, or
ra-stateless. (CVE-2017-14492)
- A stack-based buffer overflow was found in dnsmasq in
the DHCPv6 code. An attacker on the local network could
send a crafted DHCPv6 request to dnsmasq which would
cause it to a crash or, potentially, execute arbitrary
code. (CVE-2017-14493)
- An information leak was found in dnsmasq in the DHCPv6
relay code. An attacker on the local network could send
crafted DHCPv6 packets to dnsmasq causing it to forward
the contents of process memory, potentially leaking
sensitive data. (CVE-2017-14494)
- A memory exhaustion flaw was found in dnsmasq in the
EDNS0 code. An attacker could send crafted DNS packets
which would trigger memory allocations which would never
be freed, leading to unbounded memory consumption and
eventually a crash. This issue only affected
configurations using one of the options: add-mac,
add-cpe-id, or add- subnet. (CVE-2017-14495)
- An integer underflow flaw leading to a buffer over-read
was found in dnsmasq in the EDNS0 code. An attacker
could send crafted DNS packets to dnsmasq which would
cause it to crash. This issue only affected
configurations using one of the options: add-mac,
add-cpe-id, or add- subnet. (CVE-2017-14496)
Max CVSS | 0 |
Min CVSS | 0 |
Total Count | 2 |
| ID | CVSS | Summary | Last (major) update | Published |
Back to Top
Mark selected
Back to Top