CVE-2017-13704

EUVD-2017-5221
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 99%
Affected Products (NVD)
VendorProductVersion
canonicalubuntu_linux
14.04
canonicalubuntu_linux
16.04
canonicalubuntu_linux
17.04
debiandebian_linux
7.0
debiandebian_linux
7.1
debiandebian_linux
9.0
novellleap
42.2
novellleap
42.3
redhatenterprise_linux_desktop
7.0
redhatenterprise_linux_server
7.0
redhatenterprise_linux_workstation
7.0
thekelleysdnsmasq
𝑥
≤ 2.77
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dnsmasq
bookworm
2.89-1
fixed
bullseye
2.85-1
fixed
jessie
not-affected
sid
2.90-4
fixed
stretch
not-affected
trixie
2.90-4
fixed
wheezy
not-affected
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dnsmasq
trusty
not-affected
xenial
not-affected
zesty
not-affected
Common Weakness Enumeration
References
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=63437ffbb58837b214b4b92cb1c54bc5f3279928
http://www.securityfocus.com/bid/101085
http://www.securityfocus.com/bid/101977
http://www.securitytracker.com/id/1039474
https://access.redhat.com/security/vulnerabilities/3199382
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TK6DWC53WSU6633EVZL7H4PCWBYHMHK/
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=63437ffbb58837b214b4b92cb1c54bc5f3279928
http://www.securityfocus.com/bid/101085
http://www.securityfocus.com/bid/101977
http://www.securitytracker.com/id/1039474
https://access.redhat.com/security/vulnerabilities/3199382
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4TK6DWC53WSU6633EVZL7H4PCWBYHMHK/
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq