Huawei has released software updates to fix these vulnerabilities. CVE ID CWE ID of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-13704. An attacker could send crafted DNS packet size does not match the expected size, leading to dnsmasq crash. There is an integer overflow vulnerability in dnsmasq. This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14496. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash.
Fix cve 2017 14491 for mac code#
There is an integer underflow vulnerability in the EDNS0 code leading to a buffer over-read. This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14495. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. There is a memory exhaustion vulnerability in dnsmasq in the EDNS0 code. This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14494. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it to forward the contents of process memory, potentially leaking sensitive data. There is an information leak vulnerability in dnsmasq in the DHCPv6 relay code. This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14493. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would cause it to a crash or, potentially, execute arbitrary code. There is a stack buffer overflow vulnerability in dnsmasq in the DHCPv6 code. Bug 1495409 (CVE-2017-14491) - CVE-2017-14491 dnsmasq: heap overflow in the code responsible for building DNS replies.
This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14492. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. There is a heap buffer overflow vulnerability in dnsmasq in the IPv6 router advertisement (RA) handling code. This vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) ID: CVE-2017-14491. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. There is a heap buffer overflow vulnerability in dnsmasq in the code responsible when building DNS replies.
This is a record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.Dnsmasq is a widely used piece of open-source softwarea designed to provide DNS, DHCP, Dnsmasq 2.77 and before version contains 7 security vulnerabilities.
Necessarily indicate when this vulnerability wasĭiscovered, shared with the affected vendor, publicly The CVE ID was allocated or reserved, and does not