A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.
Find out more about CVE-2017-14495 from the
MITRE CVE dictionary dictionary and
Red Hat OpenStack Platform includes the dnsmasq-utils RPM which does not contain this flaw's affected code-paths; Red Hat OpenStack Platform is therefore listed as not affected.
However, because all versions of Red Hat OpenStack Platform are based on Red Hat Enterprise Linux, all Red Hat OpenStack Platform users should absolutely upgrade the dnsmasq RPM from Red Hat Enterprise Linux as a matter of urgency using standard update mechanisms (such as 'yum update' or 'openstack overcloud update').