vulnerability
Oracle Linux: CVE-2017-14494: ELSA-2017-2836: dnsmasq security update (CRITICAL) (Multiple Advisories)
Severity | CVSS | Published | Added | Modified |
---|---|---|---|---|
6 | (AV:A/AC:L/Au:N/C:C/I:N/A:N) | Oct 2, 2017 | Oct 2, 2017 | Dec 18, 2024 |
Severity
6
CVSS
(AV:A/AC:L/Au:N/C:C/I:N/A:N)
Published
Oct 2, 2017
Added
Oct 2, 2017
Modified
Dec 18, 2024
Description
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data.
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data.
Solution(s)
oracle-linux-upgrade-dnsmasqoracle-linux-upgrade-dnsmasq-utils

NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.