Main Vulnerability Database Exploits ID:1337 - Exploit for Memory exhaustion in Dnsmasq - CVE-2017-14495

ID:1337 - Exploit for Memory exhaustion in Dnsmasq - CVE-2017-14495

Published: March 18, 2020

Vulnerability identifier: #VU8664

Vulnerability risk: Medium

CVE-ID: CVE-2017-14495

CWE-ID: CWE-400

Exploitation vector: Remote access

Vulnerable software:
Dnsmasq

Link to public exploit:

https://www.exploit-db.com/exploits/42945/

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to incorrect memory allocation (memory is never freed) in add_pseudoheader() function when processing DNS queries. A remote unauthenticated attacker can send a specially crafted DNS request to the affected service and cause dnsmasq to consume all available memory.

Successful exploitation of this vulnerability may allow an attacker to perform a denial of service (DoS) attack, but requires that dnsmasq is compiled with --add-mac, --add-cpe-id or --add-subnet option.

Remediation

Update to version 2.78.

ID:1337 - Exploit for Memory exhaustion in Dnsmasq - CVE-2017-14495

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human