Information on products and software
Buffer error vulnerability in dnsmasq
Title Buffer error vulnerability in dnsmasq
Summary

dnsmasq contains a buffer error vulnerability.

Possible impacts Information may be obtained, information may be tampered with, and a denial-of-service (DoS) condition may be caused.
Solution

The vendor has released an official fix. Refer to the vendor information and apply the appropriate measures.

Publication Date Sept. 26, 2017, midnight
Registration Date Oct. 24, 2017, 6:20 p.m.
Last Update Nov. 29, 2017, 5:03 p.m.
CVSS3.0 : Critical
Score 9.8
Vector CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
CVSS2.0 : High
Score 7.5
Vector AV:N/AC:L/Au:N/C:P/I:P/A:P
Affected System
Red Hat
Red Hat Enterprise Linux Desktop 
Red Hat Enterprise Linux Server 
Red Hat Enterprise Linux Workstation 
Debian
Debian GNU/Linux 
Canonical
Ubuntu 
openSUSE project
openSUSE Leap 
thekelleys
Dnsmasq before 2.78
CVE (Common Vulnerabilities and Exposures)
CWE (Common Weakness Enumeration)
Vendor Information
Other
Change Log
No Changed Details Date of change
0 [Oct. 24, 2017]
  Published
[Nov. 29, 2017]
  Reference added: ICS-CERT ADVISORY (ICSA-17-332-01)
Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information
CVE-2017-14491
Summary

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Publication Date Oct. 4, 2017, 10:29 a.m.
Registration Date Jan. 26, 2021, 1:15 p.m.
Last Update Nov. 21, 2024, 12:12 p.m.
Affected software configurations
Configuration1 or higher or less more than less than
cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* 2.77
Configuration2 or higher or less more than less than
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:6.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:6.0:*:*:*:*:*:*:*
Configuration3 or higher or less more than less than
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:12.04:*:*:*:-:*:*:*
Configuration4 or higher or less more than less than
cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
Configuration5 or higher or less more than less than
cpe:2.3:o:opensuse:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:opensuse:leap:42.2:*:*:*:*:*:*:*
Configuration6 or higher or less more than less than
cpe:2.3:o:suse:linux_enterprise_server:11:sp4:*:*:*:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp3:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:11:sp3:*:*:ltss:*:*:*
cpe:2.3:a:suse:linux_enterprise_debuginfo:11:sp4:*:*:*:*:*:*
cpe:2.3:o:suse:linux_enterprise_server:12:*:*:*:ltss:*:*:*
cpe:2.3:a:suse:linux_enterprise_point_of_sale:11:sp3:*:*:*:*:*:*
Configuration7 or higher or less more than less than
cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:* r21.6
execution environment
1 cpe:2.3:h:nvidia:jetson_tk1:-:*:*:*:*:*:*:*
Configuration8 or higher or less more than less than
cpe:2.3:o:nvidia:linux_for_tegra:*:*:*:*:*:*:*:* r24.2.2
execution environment
1 cpe:2.3:h:nvidia:jetson_tx1:-:*:*:*:*:*:*:*
Configuration9 or higher or less more than less than
cpe:2.3:a:nvidia:geforce_experience:*:*:*:*:*:*:*:* 3.0 3.10.0.55
execution environment
1 cpe:2.3:o:microsoft:windows:-:*:*:*:*:*:*:*
Configuration10 or higher or less more than less than
cpe:2.3:o:huawei:honor_v9_play_firmware:*:*:*:*:*:*:*:* jimmy-al00ac00b135
execution environment
1 cpe:2.3:h:huawei:honor_v9_play:-:*:*:*:*:*:*:*
Configuration11 or higher or less more than less than
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:* 4.18 4.18.4.2f
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:* 4.17 4.17.8m
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:* 4.15
cpe:2.3:o:arista:eos:*:*:*:*:*:*:*:* 4.16 4.16.13m
Configuration12 or higher or less more than less than
cpe:2.3:o:siemens:ruggedcom_rm1224_firmware:*:*:*:*:*:*:*:* 5.0
execution environment
1 cpe:2.3:h:siemens:ruggedcom_rm1224:-:*:*:*:*:*:*:*
Configuration13 or higher or less more than less than
cpe:2.3:o:siemens:scalance_m-800_firmware:*:*:*:*:*:*:*:* 5.0
execution environment
1 cpe:2.3:h:siemens:scalance_m-800:-:*:*:*:*:*:*:*
Configuration14 or higher or less more than less than
cpe:2.3:o:siemens:scalance_s615_firmware:*:*:*:*:*:*:*:* 5.0
execution environment
1 cpe:2.3:h:siemens:scalance_s615:-:*:*:*:*:*:*:*
Configuration15 or higher or less more than less than
cpe:2.3:o:siemens:scalance_w1750d_firmware:*:*:*:*:*:*:*:* 6.5.1.5
execution environment
1 cpe:2.3:h:siemens:scalance_w1750d:-:*:*:*:*:*:*:*
Configuration16 or higher or less more than less than
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* 8.1.0.0 8.1.0.4
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* 6.5.4.0 6.5.4.2
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* 6.5.3.0 6.5.3.3
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* 6.5.0.0 6.5.1.9
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* 6.4.4.0 6.4.4.16
cpe:2.3:o:arubanetworks:arubaos:*:*:*:*:*:*:*:* 6.3.1 6.3.1.25
Configuration17 or higher or less more than less than
cpe:2.3:a:synology:router_manager:1.1:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:6.0:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:5.2:*:*:*:*:*:*:*
cpe:2.3:a:synology:diskstation_manager:6.1:*:*:*:*:*:*:*