CVE-2017-15107

Опубликовано: 23 янв. 2018

Источник: nvd

CVSS3: 7.5

CVSS2: 5

EPSS Низкий

Описание

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

Ссылки

http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
Vendor Advisory
http://www.securityfocus.com/bid/102812
Third Party Advisory
VDB Entry
http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
Vendor Advisory
http://www.securityfocus.com/bid/102812
Third Party Advisory
VDB Entry

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*

Версия до 2.78 (включая)

EPSS

Процентиль: 6%

0.00025

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-358

NVD-CWE-noinfo

Связанные уязвимости

CVE-2017-15107

CVSS3: 7.5

ubuntu

около 8 лет назад

CVE-2017-15107

CVSS3: 5.4

redhat

около 8 лет назад

CVE-2017-15107

CVSS3: 7.5

debian

около 8 лет назад

A vulnerability was found in the implementation of DNSSEC in Dnsmasq u ...

SUSE-SU-2019:1721-1

suse-cvrf

больше 6 лет назад

Security update for dnsmasq

SUSE-SU-2019:14190-1

suse-cvrf

больше 6 лет назад

Security update for dnsmasq

EPSS

Процентиль: 6%

0.00025

Низкий

7.5 High

CVSS3

5 Medium

CVSS2

Дефекты

CWE-358

NVD-CWE-noinfo