{ "threat_severity" : "Important", "public_date" : "2017-10-02T00:00:00Z", "bugzilla" : { "description" : "dnsmasq: integer underflow leading to buffer over-read in the EDNS0 code", "id" : "1495416", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1495416" }, "cvss" : { "cvss_base_score" : "7.8", "cvss_scoring_vector" : "AV:N/AC:L/Au:N/C:N/I:N/A:C", "status" : "verified" }, "cvss3" : { "cvss3_base_score" : "7.5", "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-190->CWE-125", "details" : [ "Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.", "An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet." ], "statement" : "Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.\nHowever, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').", "acknowledgement" : "Red Hat would like to thank Felix Wilhelm (Google Security Team), Fermin J. Serna (Google Security Team), Gabriel Campana (Google Security Team), Kevin Hamacher (Google Security Team), and Ron Bowes (Google Security Team) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 7", "release_date" : "2017-10-02T00:00:00Z", "advisory" : "RHSA-2017:2836", "cpe" : "cpe:/o:redhat:enterprise_linux:7", "package" : "dnsmasq-0:2.76-2.el7_4.2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 6 (Juno)", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/a:redhat:openstack:6" }, { "product_name" : "Red Hat Enterprise Linux OpenStack Platform 7 (Kilo)", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/a:redhat:openstack:7" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/a:redhat:openstack:10" }, { "product_name" : "Red Hat OpenStack Platform 11 (Ocata)", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/a:redhat:openstack:11" }, { "product_name" : "Red Hat OpenStack Platform 12 (Pike)", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/a:redhat:openstack:12" }, { "product_name" : "Red Hat OpenStack Platform 8 (Liberty)", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/a:redhat:openstack:8" }, { "product_name" : "Red Hat OpenStack Platform 9 (Mitaka)", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/a:redhat:openstack:9" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2017-14496\nhttps://nvd.nist.gov/vuln/detail/CVE-2017-14496\nhttps://access.redhat.com/security/vulnerabilities/3199382\nhttps://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html" ], "csaw" : true, "name" : "CVE-2017-14496" }