Skip to main content

Severity by source

NVD PRIMARY
9.8 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

1
CVE Published
Oct 04, 2017 - 01:29 cve.org
CRITICAL 9.8

DescriptionCVE.org

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

AnalysisAI

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and EPSS exploitation probability 57.8%.

Technical ContextAI

This vulnerability is classified as Out-of-bounds Write (CWE-787), which allows attackers to write data beyond allocated buffer boundaries leading to code execution or crashes. Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response. Affected products include: Thekelleys Dnsmasq, Redhat Enterprise Linux Desktop, Redhat Enterprise Linux Server, Redhat Enterprise Linux Workstation, Canonical Ubuntu Linux. Version information: before 2.78.

RemediationAI

A vendor patch is available. Apply the latest security update as soon as possible. Validate write boundaries, use memory-safe languages, enable compiler protections (ASLR, stack canaries).

CVE-2017-14492 CRITICAL POC
9.8 Oct 03

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2017-13704 HIGH
7.5 Oct 03

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call get

CVE-2017-14495 HIGH POC
7.5 Oct 03

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote

CVE-2017-14496 HIGH POC
7.5 Oct 03

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-su

CVE-2017-14493 CRITICAL POC
9.8 Oct 03

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execu

CVE-2017-14494 MEDIUM POC
5.9 Oct 03

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vect

CVE-2019-14513 HIGH POC
7.5 Aug 01

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that

CVE-2015-3294 MEDIUM POC
6.4 May 08

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function

CVE-2013-0198 MEDIUM POC
5.0 Mar 05

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces,

CVE-2026-4892 HIGH
8.4 May 11

Heap-based buffer overflow in dnsmasq's DHCPv6 implementation enables local attackers to execute arbitrary code with roo

CVE-2021-3448 MEDIUM POC
4.0 Apr 08

A flaw was found in dnsmasq in versions before 2.85. Rated medium severity (CVSS 4.0), this vulnerability is remotely ex

CVE-2026-4890 HIGH
7.5 May 11

Remote unauthenticated attackers can crash dnsmasq DNS servers via crafted packets exploiting DNSSEC validation logic. T

Share

CVE-2017-14491 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy