vulnerability
Oracle Linux: CVE-2017-14492: ELSA-2017-2836: dnsmasq security update (CRITICAL) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
8 | (AV:A/AC:L/Au:N/C:C/I:C/A:C) | Oct 2, 2017 | Oct 2, 2017 | Dec 18, 2024 |
Severity
8
CVSS
(AV:A/AC:L/Au:N/C:C/I:C/A:C)
Published
Oct 2, 2017
Added
Oct 2, 2017
Modified
Dec 18, 2024
Description
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.
Solution(s)
oracle-linux-upgrade-dnsmasqoracle-linux-upgrade-dnsmasq-utils

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.