In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. Because that parameter is unsigned, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff on 64-bit platforms), making dnsmasq crash.
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928
http://www.securityfocus.com/bid/101085
http://www.securityfocus.com/bid/101977
http://www.securitytracker.com/id/1039474
https://access.redhat.com/security/vulnerabilities/3199382
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://www.mail-archive.com/[email protected]/msg11664.html
https://www.mail-archive.com/[email protected]/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
Source: MITRE
Published: 2017-10-03
Updated: 2018-05-11
Type: CWE-20
CVSS v2
Base Score: 5
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Impact Score: 2.9
Exploitability Score: 10
Severity: MEDIUM
CVSS v3.0
Base Score: 7.5
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 3.9
Severity: HIGH
OR
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:27:*:*:*:*:*:*:*
cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
OR
cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* versions up to 2.77 (inclusive)
ID | Name | Product | Family | Severity |
---|---|---|---|---|
123860 | EulerOS Virtualization 2.5.3 : dnsmasq (EulerOS-SA-2019-1174) | Nessus | Huawei Local Security Checks | medium |
111887 | Photon OS 1.0: Binutils / C / Dnsmasq / Git / Gnutls / Krb5 / Linux / Mercurial / Mesos / Nginx PHSA-2017-0038 (deprecated) | Nessus | PhotonOS Local Security Checks | high |
109037 | pfSense < 2.3.5 Multiple Vulnerabilities (KRACK) | Nessus | Firewalls | high |
105837 | Fedora 27 : dnsmasq (2017-274d763ed8) | Nessus | Fedora Local Security Checks | medium |
103647 | dnsmasq < 2.78 Multiple Remote Vulnerabilities | Nessus | DNS | high |
103620 | FreeBSD : dnsmasq -- multiple vulnerabilities (b77b5646-a778-11e7-ac58-b499baebfeaf) | Nessus | FreeBSD Local Security Checks | high |
103599 | Slackware 13.0 / 13.1 / 13.37 / 14.0 / 14.1 / 14.2 / current : dnsmasq (SSA:2017-275-01) | Nessus | Slackware Local Security Checks | high |