Main Vulnerability Database Exploits ID:1336 - Exploit for Memory leak in Dnsmasq - CVE-2017-14494

ID:1336 - Exploit for Memory leak in Dnsmasq - CVE-2017-14494

Published: March 18, 2020

Vulnerability identifier: #VU8663

Vulnerability risk: Low

CVE-ID: CVE-2017-14494

CWE-ID: CWE-401

Exploitation vector: Adjecent network

Vulnerable software:
Dnsmasq

Link to public exploit:

https://www.exploit-db.com/exploits/42944/

Vulnerability description

The vulnerability allows a remote attacker to gain access to potentially sensitive information.

The vulnerability exists due to memory leak when processing DHCPv6 requests. A remote unauthenticated attacker on local network can send specially crafted DHCPv6 request to the affected service and cause dnsmasq to forward memory from outside the packet buffer to a DHCPv6 server when acting as a relay.

Successful exploitation of this vulnerability may allow an attacker to read parts of memory from the affected system and bypass ASLR.

Remediation

Update to version 2.78.

ID:1336 - Exploit for Memory leak in Dnsmasq - CVE-2017-14494

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human