Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2017-14493

Опубликовано: 02 окт. 2017
Источник: redhat
CVSS3: 8.8
CVSS2: 8.3
EPSS Низкий

Описание

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code.

Отчет

Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected. However, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5dnsmasqNot affected
Red Hat Enterprise Linux 6dnsmasqNot affected
Red Hat Enterprise Linux OpenStack Platform 6 (Juno)dnsmasqNot affected
Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)dnsmasqNot affected
Red Hat OpenStack Platform 10 (Newton)dnsmasqNot affected
Red Hat OpenStack Platform 11 (Ocata)dnsmasqNot affected
Red Hat OpenStack Platform 12 (Pike)dnsmasqNot affected
Red Hat OpenStack Platform 8 (Liberty)dnsmasqNot affected
Red Hat OpenStack Platform 9 (Mitaka)dnsmasqNot affected
Red Hat Enterprise Linux 7dnsmasqFixedRHSA-2017:283602.10.2017

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Critical
Дефект:
CWE-121
https://bugzilla.redhat.com/show_bug.cgi?id=1495411dnsmasq: stack buffer overflow in the DHCPv6 code

EPSS

Процентиль: 90%
0.05615
Низкий

8.8 High

CVSS3

8.3 High

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2017-14493

CVSS3: 9.8
ubuntu
около 8 лет назад

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

nvd логотип

CVE-2017-14493

CVSS3: 9.8
nvd
около 8 лет назад

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

debian логотип

CVE-2017-14493

CVSS3: 9.8
debian
около 8 лет назад

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attac ...

github логотип

GHSA-7mpq-366q-m6vq

CVSS3: 9.8
github
больше 3 лет назад

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

fstec логотип

BDU:2017-02358

CVSS3: 9.8
fstec
около 8 лет назад

Уязвимость DNS-сервера Dnsmasq, вызванная переполнением буфера на стеке, позволяющая нарушителю вызвать отказ в обслуживании или выполнить произвольный код

EPSS

Процентиль: 90%
0.05615
Низкий

8.8 High

CVSS3

8.3 High

CVSS2