Main Vulnerability Database Exploits ID:1338 - Exploit for Memory corruption in Dnsmasq - CVE-2017-14496

ID:1338 - Exploit for Memory corruption in Dnsmasq - CVE-2017-14496

Published: March 18, 2020

Vulnerability identifier: #VU8665

Vulnerability risk: Medium

CVE-ID: CVE-2017-14496

CWE-ID: CWE-119

Exploitation vector: Remote access

Vulnerable software:
Dnsmasq

Link to public exploit:

https://www.exploit-db.com/exploits/42946/

Vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to boundary error in add_pseudoheader() function when processing DNS queries. A remote unauthenticated attacker can send a specially crafted DNS request to the affected service, cause dnsmasq to call memcpy with negative size and crash.

Successful exploitation of this vulnerability may allow an attacker to perform a denial of service (DoS) attack, but requires that dnsmasq is compiled with --add-mac, --add-cpe-id or --add-subnet option.

Remediation

Update to version 2.78.

ID:1338 - Exploit for Memory corruption in Dnsmasq - CVE-2017-14496

Link to public exploit:

Vulnerability description

Remediation

Please verify you're human