CVE-2017-13704

Impact:
Important
Public Date:
2017-08-21
CWE:
CWE-190
Bugzilla:
1495510: CVE-2017-13704 dnsmasq: Size parameter overflow via large DNS query
An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the DNS code. An attacker could send crafted DNS packets to dnsmasq which would cause it to crash.

Find out more about CVE-2017-13704 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v3 metrics

NOTE: The following CVSS v3 metrics and score provided are preliminary and subject to review.

CVSS3 Base Score 7.5
CVSS3 Base Metrics CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector Network
Attack Complexity Low
Privileges Required None
User Interaction None
Scope Unchanged
Confidentiality None
Integrity Impact None
Availability Impact High

Affected Packages State

Platform Package State
Red Hat OpenStack Platform 9.0 dnsmasq Not affected
Red Hat OpenStack Platform 8.0 (Liberty) dnsmasq Not affected
Red Hat OpenStack Platform 12.0 dnsmasq Not affected
Red Hat OpenStack Platform 11.0 (Ocata) dnsmasq Not affected
Red Hat OpenStack Platform 10 dnsmasq Not affected
Red Hat Enterprise Linux OpenStack Platform 7.0 (Kilo) for RHEL 7 dnsmasq Not affected
Red Hat Enterprise Linux OpenStack Platform 6.0 (Juno) for RHEL 7 dnsmasq Not affected
Red Hat Enterprise Linux 7 dnsmasq Not affected
Red Hat Enterprise Linux 6 dnsmasq Not affected
Red Hat Enterprise Linux 5 dnsmasq Not affected
Last Modified