CVE-2017-13704

Published: 02 October 2017

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

Priority

High

CVSS 3 base score: 7.5

Status

Package Release Status
dnsmasq
Launchpad, Ubuntu, Debian
Upstream Needs triage

Ubuntu 16.04 ESM (Xenial Xerus) Not vulnerable
(2.75-1ubuntu0.16.04.2)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(2.68-1ubuntu0.1)