V
Scaner-VS
ENRU
HomeCatalogSourcesCWECAPECATT&CKMitigationsProductsVendorsDocs
Back to catalog
CVE-2017-14493
DEB
HighConfirmedExploit available

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code v…

CVSS
8.8
High
EPSS
0.84
p99
Published
2017-01-01
Updated
2017-01-01
Description

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

Tags · CWE
CWE-119
CWE-121
CAPEC-8
CAPEC-9
CAPEC-10
CAPEC-14
CAPEC-24
CAPEC-42
CAPEC-44
CAPEC-45
CAPEC-46
CAPEC-47
CAPEC-100
CAPEC-123
Affected products
Ubuntu_linuxDebian_linuxLeapEnterprise_linux_desktopEnterprise_linux_serverEnterprise_linux_workstation
CVSS vector
CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Timeline
2017-01-01
Published
2017-01-01
Updated
CVSS 3.1 breakdown
Attack Vector
AV: A
Adjacent Network (A)
Attack Complexity
AC: L
Low (L)
Privileges Required
PR: N
None (N)
User Interaction
UI: N
None (N)
Scope
S: U
Unchanged (U)
Confidentiality Impact
C: H
High (H)
Integrity Impact
I: H
High (H)
Availability Impact
A: H
High (H)
Exploit indicators
EPSS
0.836 · p99
Known exploited (KEV)
No
Known exploits — Сканер-ВС
42943
exploitdb · https://www.exploit-db.com/exploits/42943
Enterprise
CVE-2017-14493
github-poc · https://github.com/pupiles/bof-dnsmasq-cve-2017-14493
Enterprise
Affected products
Debian
Debian LinuxDnsmasq
Canonical
Ubuntu LinuxDnsmasq
Red Hat
Enterprise Linux DesktopEnterprise Linux ServerEnterprise Linux WorkstationDnsmasq
Opensuse
Leap
Thekelleys
Dnsmasq
ProductVendorStatus
dnsmasqTracked
dnsmasqTracked
dnsmasqTracked
dnsmasqTracked
dnsmasqTracked
dnsmasqTracked
dnsmasqTracked
dnsmasqTracked
debian_linux*Tracked
dnsmasq*Tracked
enterprise_linux_desktop*Tracked
enterprise_linux_server*Tracked
enterprise_linux_workstation*Tracked
leap*Tracked
ubuntu_linux*Tracked
Source databases
DEB
CVE
RED
UBU
Related vulnerabilities
BDU:2017-02358