Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2019-14834

Опубликовано: 23 окт. 2019
Источник: redhat
CVSS3: 3.7
EPSS Низкий

Описание

A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.

A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory leak may cause the process to run out of memory and terminate, causing a denial of service.

Отчет

In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform's version is therefore unused, please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5dnsmasqOut of support scope
Red Hat Enterprise Linux 6dnsmasqOut of support scope
Red Hat OpenStack Platform 10 (Newton)dnsmasqWill not fix
Red Hat OpenStack Platform 13 (Queens)dnsmasqWill not fix
Red Hat OpenStack Platform 14 (Rocky)dnsmasqWill not fix
Red Hat Enterprise Linux 7dnsmasqFixedRHSA-2020:387829.09.2020
Red Hat Enterprise Linux 8dnsmasqFixedRHSA-2020:171528.04.2020

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Low
Дефект:
CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=1764425dnsmasq: memory leak in the create_helper() function in /src/helper.c

EPSS

Процентиль: 13%
0.00042
Низкий

3.7 Low

CVSS3

Связанные уязвимости

ubuntu логотип

CVE-2019-14834

CVSS3: 3.7
ubuntu
около 6 лет назад

A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.

nvd логотип

CVE-2019-14834

CVSS3: 3.7
nvd
около 6 лет назад

A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.

msrc логотип

CVE-2019-14834

CVSS3: 3.7
msrc
больше 5 лет назад

A vulnerability was found in dnsmasq before version 2.81 where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.

debian логотип

CVE-2019-14834

CVSS3: 3.7
debian
около 6 лет назад

A vulnerability was found in dnsmasq before version 2.81, where the me ...

suse-cvrf логотип

SUSE-SU-2020:0419-1

suse-cvrf
почти 6 лет назад

Security update for dnsmasq

EPSS

Процентиль: 13%
0.00042
Низкий

3.7 Low

CVSS3