Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
2017-10-03T01:29:02.153
2025-04-20T01:37:25.860
Deferred
CVSSv3.0: 7.5 (HIGH)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
Type | Vendor | Product | Version/Range | Vulnerable? |
---|---|---|---|---|
Operating System | canonical | ubuntu_linux | 14.04 | Yes |
Operating System | canonical | ubuntu_linux | 16.04 | Yes |
Operating System | canonical | ubuntu_linux | 17.04 | Yes |
Operating System | debian | debian_linux | 7.0 | Yes |
Operating System | debian | debian_linux | 7.1 | Yes |
Operating System | debian | debian_linux | 9.0 | Yes |
Operating System | novell | leap | 42.2 | No |
Operating System | novell | leap | 42.3 | No |
Operating System | redhat | enterprise_linux_desktop | 7.0 | Yes |
Operating System | redhat | enterprise_linux_server | 7.0 | Yes |
Operating System | redhat | enterprise_linux_workstation | 7.0 | Yes |
Application | thekelleys | dnsmasq | ≤ 2.77 | Yes |