vulnerability

Oracle Linux: CVE-2017-14495: ELSA-2017-2836: dnsmasq security update (CRITICAL) (Multiple Advisories)

Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
Oct 2, 2017
Added
Oct 2, 2017
Modified
Dec 18, 2024

Description

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.

Solution(s)

oracle-linux-upgrade-dnsmasqoracle-linux-upgrade-dnsmasq-utils
Title
NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.