{
  "threat_severity" : "Low",
  "public_date" : "2019-10-23T00:00:00Z",
  "bugzilla" : {
    "description" : "dnsmasq: memory leak in the create_helper() function in /src/helper.c",
    "id" : "1764425",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1764425"
  },
  "cvss3" : {
    "cvss3_base_score" : "3.7",
    "cvss3_scoring_vector" : "CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L",
    "status" : "verified"
  },
  "cwe" : "CWE-770",
  "details" : [ "A vulnerability was found in dnsmasq before version 2.81, where a memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.", "A flaw was found in the dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack depends on a specific configuration of the domain name set in the dnsmasq.conf file. Over time, the memory leak may cause the process to run out of memory and terminate, causing a denial of service." ],
  "statement" : "In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform's version of the package is therefore unused; please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current.",
  "acknowledgement" : "Red Hat would like to thank Xu Mingjie (varas@IIE) for reporting this issue.",
  "affected_release" : [ {
    "product_name" : "Red Hat Enterprise Linux 7",
    "release_date" : "2020-09-29T00:00:00Z",
    "advisory" : "RHSA-2020:3878",
    "cpe" : "cpe:/o:redhat:enterprise_linux:7",
    "package" : "dnsmasq-0:2.76-16.el7"
  }, {
    "product_name" : "Red Hat Enterprise Linux 8",
    "release_date" : "2020-04-28T00:00:00Z",
    "advisory" : "RHSA-2020:1715",
    "cpe" : "cpe:/a:redhat:enterprise_linux:8",
    "package" : "dnsmasq-0:2.79-11.el8"
  } ],
  "package_state" : [ {
    "product_name" : "Red Hat Enterprise Linux 5",
    "fix_state" : "Out of support scope",
    "package_name" : "dnsmasq",
    "cpe" : "cpe:/o:redhat:enterprise_linux:5"
  }, {
    "product_name" : "Red Hat Enterprise Linux 6",
    "fix_state" : "Out of support scope",
    "package_name" : "dnsmasq",
    "cpe" : "cpe:/o:redhat:enterprise_linux:6"
  }, {
    "product_name" : "Red Hat OpenStack Platform 10 (Newton)",
    "fix_state" : "Will not fix",
    "package_name" : "dnsmasq",
    "cpe" : "cpe:/a:redhat:openstack:10"
  }, {
    "product_name" : "Red Hat OpenStack Platform 13 (Queens)",
    "fix_state" : "Will not fix",
    "package_name" : "dnsmasq",
    "cpe" : "cpe:/a:redhat:openstack:13"
  }, {
    "product_name" : "Red Hat OpenStack Platform 14 (Rocky)",
    "fix_state" : "Will not fix",
    "package_name" : "dnsmasq",
    "cpe" : "cpe:/a:redhat:openstack:14"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2019-14834\nhttps://nvd.nist.gov/vuln/detail/CVE-2019-14834" ],
  "name" : "CVE-2019-14834",
  "csaw" : false
}