ID

VAR-201710-1267


CVE

CVE-2017-13704


TITLE

Dnsmasq contains multiple vulnerabilities

Trust: 0.8

sources: CERT/CC: VU#973527

DESCRIPTION

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash. Dnsmasq versions 2.77 and earlier contains multiple vulnerabilities. dnsmasq Contains an input validation vulnerability.Service operation interruption (DoS) There is a possibility of being put into a state. Multiple Siemens SCALANCE Products are prone to the following security vulnerabilities: 1. A buffer-overflow vulnerability 2. Multiple denial-of-service vulnerabilities Attackers can exploit these issues to execute arbitrary code within the context of affected device or cause a denial-of-service condition. This BID is being retired as a duplicate of BID 101085 Dnsmasq VU#973527 Multiple Security Vulnerabilities

Trust: 2.97

sources: NVD: CVE-2017-13704 // CERT/CC: VU#973527 // JVNDB: JVNDB-2017-008617 // BID: 101977 // BID: 101085 // VULMON: CVE-2017-13704

AFFECTED PRODUCTS

vendor:fedoraprojectmodel:fedorascope:eqversion:27

Trust: 1.3

vendor:canonicalmodel:ubuntu linuxscope:eqversion:17.04

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:14.04

Trust: 1.0

vendor:novellmodel:leapscope:eqversion:42.3

Trust: 1.0

vendor:thekelleysmodel:dnsmasqscope:lteversion:2.77

Trust: 1.0

vendor:novellmodel:leapscope:eqversion:42.2

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.1

Trust: 1.0

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7.0

Trust: 1.0

vendor:redhatmodel:enterprise linux serverscope:eqversion:7.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:9.0

Trust: 1.0

vendor:debianmodel:linuxscope:eqversion:7.0

Trust: 1.0

vendor:canonicalmodel:ubuntu linuxscope:eqversion:16.04

Trust: 1.0

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.77

Trust: 0.9

vendor:ruckusmodel: - scope: - version: -

Trust: 0.8

vendor:technicolormodel: - scope: - version: -

Trust: 0.8

vendor:zyxelmodel: - scope: - version: -

Trust: 0.8

vendor:dnsmasqmodel: - scope: - version: -

Trust: 0.8

vendor:canonicalmodel:ubuntuscope: - version: -

Trust: 0.8

vendor:debianmodel:gnu/linuxscope: - version: -

Trust: 0.8

vendor:fedoramodel:fedorascope: - version: -

Trust: 0.8

vendor:thekelleysmodel:dnsmasqscope:ltversion:2.78

Trust: 0.8

vendor:red hatmodel:enterprise linux desktopscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux serverscope: - version: -

Trust: 0.8

vendor:red hatmodel:enterprise linux workstationscope: - version: -

Trust: 0.8

vendor:redhatmodel:enterprise linux server year extended update supportscope:eqversion:-47.4

Trust: 0.6

vendor:siemensmodel:scalance w1750dscope:eqversion:0

Trust: 0.3

vendor:siemensmodel:scalance s615scope:eqversion:0

Trust: 0.3

vendor:siemensmodel:scalance m800scope:eqversion:0

Trust: 0.3

vendor:ubuntumodel:linuxscope:eqversion:17.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:16.04

Trust: 0.3

vendor:ubuntumodel:linux ltsscope:eqversion:14.04

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.2.2

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.75

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.72

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.71

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.70

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.7

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.65

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.64

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.63

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.62

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.61

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.60

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.6

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.59

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.58

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.57

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.56

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.55

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.54

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.53

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.52

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.51

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.50

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.49

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.48

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.47

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.46

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.45

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.44

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.43

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.42

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.41

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.40

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.4

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.38

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.37

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.36

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.35

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.34

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.33

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.30

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.29

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.28

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.27

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.26

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.25

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.24

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.23

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.22

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.21

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.20

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.2

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.19

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.18

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.17

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.16

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.15

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.14

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.13

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.12

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.11

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:2.10

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.9

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.8

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.6

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.5

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.4

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.3

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.18

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.17

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.16

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.15

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.14

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.13

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.12

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.11

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.10

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:1.0

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:0.996

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:0.992

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:0.98

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:0.96

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:0.95

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:0.7

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:0.6

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:0.5

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:eqversion:0.4

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.2

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:14.0

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.37

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.1

Trust: 0.3

vendor:slackwaremodel:linuxscope:eqversion:13.0

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux workstation optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux workstationscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.6

Trust: 0.3

vendor:redhatmodel:enterprise linux server tusscope:eqversion:6.5

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional eusscope:eqversion:6.5

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional ausscope:eqversion:6.6

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional ausscope:eqversion:6.5

Trust: 0.3

vendor:redhatmodel:enterprise linux server optional ausscope:eqversion:6.4

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux server optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux server for armscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux server eusscope:eqversion:7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.6

Trust: 0.3

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.5

Trust: 0.3

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.4

Trust: 0.3

vendor:redhatmodel:enterprise linux server ausscope:eqversion:6.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server tusscope:eqversion:-7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux server tusscope:eqversion:-7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux server tusscope:eqversion:-7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server extended update supportscope:eqversion:-7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux server extended update supportscope:eqversion:-7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server extended update supporscope:eqversion:-7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux server ausscope:eqversion:-7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux server ausscope:eqversion:-7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux server ausscope:eqversion:-7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server year extended update supportscope:eqversion:-47.2

Trust: 0.3

vendor:redhatmodel:enterprise linux server year extended updscope:eqversion:-47.3

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux serverscope:eqversion:5

Trust: 0.3

vendor:redhatmodel:enterprise linux long life serverscope:eqversion:5.9

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc node optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux hpc nodescope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux for scientific computingscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux for power little endian extended update suppscope:eqversion:-7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux for power little endianscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux for power big endian extended update supportscope:eqversion:-7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux for power big endianscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux for power little endian extended update supposcope:eqversion:-7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux for power little endian extended update supposcope:eqversion:-7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux for power big endian extended update supportscope:eqversion:-7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux for power big endian extended update supportscope:eqversion:-7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux for ibm z systems extended update supportscope:eqversion:-7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux for ibm z systems extended update supportscope:eqversion:-7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux for ibm z systems extended update supportscope:eqversion:-7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux for ibm z systemsscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux eus compute nodescope:eqversion:7.4

Trust: 0.3

vendor:redhatmodel:enterprise linux eus compute nodescope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux eus compute nodescope:eqversion:7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux desktop optionalscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux desktopscope:eqversion:6

Trust: 0.3

vendor:redhatmodel:enterprise linux computenode optional eusscope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux computenode optional eusscope:eqversion:7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux computenode optionalscope:eqversion:7

Trust: 0.3

vendor:redhatmodel:enterprise linux computenode eusscope:eqversion:7.3

Trust: 0.3

vendor:redhatmodel:enterprise linux computenode eusscope:eqversion:7.2

Trust: 0.3

vendor:redhatmodel:enterprise linux computenodescope:eqversion:7

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:7

Trust: 0.3

vendor:oraclemodel:linuxscope:eqversion:6

Trust: 0.3

vendor:opensusemodel:leapscope:eqversion:42.3

Trust: 0.3

vendor:opensusemodel:leapscope:eqversion:42.2

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:eqversion:1.7.6

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:eqversion:1.7

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:eqversion:1.6.10

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:eqversion:1.6

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:eqversion:1.5.7

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:eqversion:1.5

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:eqversion:1.2

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:7.1.1

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:6.0.1

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:5.1.1

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:5.0.2

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:4.4.4

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:8.0

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:7.1.2

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:7.0

Trust: 0.3

vendor:googlemodel:androidscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux sparcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux s/390scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux powerpcscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux mipsscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-64scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-32scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux ia-30scope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux armscope:eqversion:6.0

Trust: 0.3

vendor:debianmodel:linux amd64scope:eqversion:6.0

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:7

Trust: 0.3

vendor:centosmodel:centosscope:eqversion:6

Trust: 0.3

vendor:thekelleysmodel:dnsmasqscope:neversion:2.78

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:neversion:1.8

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:neversion:1.7.7

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:neversion:1.6.11

Trust: 0.3

vendor:kubernetesmodel:kubernetesscope:neversion:1.5.8

Trust: 0.3

sources: CERT/CC: VU#973527 // BID: 101977 // BID: 101085 // JVNDB: JVNDB-2017-008617 // CNNVD: CNNVD-201708-1115 // NVD: CVE-2017-13704

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-2017-13704
value: HIGH

Trust: 1.0

NVD: CVE-2017-13704
value: HIGH

Trust: 0.8

CNNVD: CNNVD-201708-1115
value: MEDIUM

Trust: 0.6

VULMON: CVE-2017-13704
value: MEDIUM

Trust: 0.1

nvd@nist.gov: CVE-2017-13704
severity: MEDIUM
baseScore: 5.0
vectorString: AV:N/AC:L/AU:N/C:N/I:N/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 2.9
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.9

nvd@nist.gov: CVE-2017-13704
baseSeverity: HIGH
baseScore: 7.5
vectorString: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
attackVector: NETWORK
attackComplexity: LOW
privilegesRequired: NONE
userInteraction: NONE
scope: UNCHANGED
confidentialityImpact: NONE
integrityImpact: NONE
availabilityImpact: HIGH
exploitabilityScore: 3.9
impactScore: 3.6
version: 3.0

Trust: 1.8

sources: VULMON: CVE-2017-13704 // JVNDB: JVNDB-2017-008617 // CNNVD: CNNVD-201708-1115 // NVD: CVE-2017-13704

PROBLEMTYPE DATA

problemtype:CWE-20

Trust: 1.8

problemtype:CWE-191

Trust: 0.8

sources: JVNDB: JVNDB-2017-008617 // NVD: CVE-2017-13704

THREAT TYPE

network

Trust: 0.6

sources: BID: 101977 // BID: 101085

TYPE

Input Validation Error

Trust: 0.9

sources: BID: 101977 // CNNVD: CNNVD-201708-1115

CONFIGURATIONS

sources: JVNDB: JVNDB-2017-008617

PATCH

title:FEDORA-2017-274d763ed8url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4TK6DWC53WSU6633EVZL7H4PCWBYHMHK/

Trust: 0.8

title:CHANGELOGurl:http://thekelleys.org.uk/dnsmasq/CHANGELOG

Trust: 0.8

title:Fix CVE-2017-13704, which resulted in a crash on a large DNS query.url:http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928

Trust: 0.8

title:USN-3430-2url:https://usn.ubuntu.com/usn/USN-3430-2/

Trust: 0.8

title:USN-3430-1url:https://usn.ubuntu.com/usn/USN-3430-1/

Trust: 0.8

title:dnsmasq: Multiple Critical and Important vulnerabilitiesurl:https://access.redhat.com/security/vulnerabilities/3199382

Trust: 0.8

title:Dnsmasq Enter the fix for the verification vulnerabilityurl:http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=92838

Trust: 0.6

title:Debian CVElist Bug Report Logs: dnsmasq: CVE-2017-13704: Size parameter overflow via large DNS queryurl:https://vulmon.com/vendoradvisory?qidtp=debian_cvelist_bugreportlogs&qid=fa8aad66cae5df51d49e1cdce2fe4a42

Trust: 0.1

title:Red Hat: CVE-2017-13704url:https://vulmon.com/vendoradvisory?qidtp=red_hat_cve_database&qid=CVE-2017-13704

Trust: 0.1

title:Siemens Security Advisories: Siemens Security Advisoryurl:https://vulmon.com/vendoradvisory?qidtp=siemens_security_advisories&qid=7f490a104360d6f65bee18ec7bfa18a3

Trust: 0.1

title:Brocade Security Advisories: BSA-2017-455url:https://vulmon.com/vendoradvisory?qidtp=brocade_security_advisories&qid=f173c512f0a725c451f45840ccf64e99

Trust: 0.1

title:Oracle Solaris Third Party Bulletins: Oracle Solaris Third Party Bulletin - October 2017url:https://vulmon.com/vendoradvisory?qidtp=oracle_solaris_third_party_bulletins&qid=6283337cd31f81f24d445925f2138c0e

Trust: 0.1

title:Threatposturl:https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/

Trust: 0.1

sources: VULMON: CVE-2017-13704 // JVNDB: JVNDB-2017-008617 // CNNVD: CNNVD-201708-1115

EXTERNAL IDS

db:NVDid:CVE-2017-13704

Trust: 3.1

db:CERT/CCid:VU#973527

Trust: 2.5

db:BIDid:101085

Trust: 2.0

db:ICS CERTid:ICSA-17-332-01

Trust: 2.0

db:BIDid:101977

Trust: 1.4

db:SECTRACKid:1039474

Trust: 1.1

db:SIEMENSid:SSA-689071

Trust: 1.1

db:JVNid:JVNVU93453933

Trust: 0.8

db:JVNDBid:JVNDB-2017-008617

Trust: 0.8

db:CNNVDid:CNNVD-201708-1115

Trust: 0.6

db:VULMONid:CVE-2017-13704

Trust: 0.1

sources: CERT/CC: VU#973527 // VULMON: CVE-2017-13704 // BID: 101977 // BID: 101085 // JVNDB: JVNDB-2017-008617 // CNNVD: CNNVD-201708-1115 // NVD: CVE-2017-13704

REFERENCES

url:https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Trust: 2.8

url:http://www.securityfocus.com/bid/101085

Trust: 2.3

url:https://ics-cert.us-cert.gov/advisories/icsa-17-332-01

Trust: 2.0

url:http://www.thekelleys.org.uk/dnsmasq/doc.html

Trust: 1.7

url:https://www.kb.cert.org/vuls/id/973527

Trust: 1.7

url:http://www.securityfocus.com/bid/101977

Trust: 1.2

url:http://thekelleys.org.uk/dnsmasq/changelog

Trust: 1.1

url:http://www.securitytracker.com/id/1039474

Trust: 1.1

url:https://access.redhat.com/security/vulnerabilities/3199382

Trust: 1.1

url:https://www.synology.com/support/security/synology_sa_17_59_dnsmasq

Trust: 1.1

url:https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf

Trust: 1.1

url:https://access.redhat.com/security/cve/cve-2017-13704

Trust: 1.0

url:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4tk6dwc53wsu6633evzl7h4pcwbyhmhk/

Trust: 1.0

url:https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html

Trust: 1.0

url:http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3ba=commit%3bh=63437ffbb58837b214b4b92cb1c54bc5f3279928

Trust: 1.0

url:https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html

Trust: 1.0

url:http://www.thekelleys.org.uk/dnsmasq/changelog

Trust: 0.9

url:https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14491.py

Trust: 0.9

url:https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14492.py

Trust: 0.9

url:https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14493.py

Trust: 0.9

url:https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14494.py

Trust: 0.9

url:https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14495.py

Trust: 0.9

url:https://github.com/kubernetes/kubernetes/blob/master/changelog.md

Trust: 0.9

url:http://www.slackware.com/security/viewer.php?l=slackware-security&y=2017&m=slackware-security.601472

Trust: 0.9

url:https://source.android.com/security/bulletin/2017-10-01

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1495410

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1495411

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1495412

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1495415

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1495416

Trust: 0.9

url:https://bugzilla.redhat.com/show_bug.cgi?id=1495510

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2017-14491

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2017-14492

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2017-14493

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2017-14494

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2017-14495

Trust: 0.9

url:https://access.redhat.com/security/cve/cve-2017-14496

Trust: 0.9

url:https://www.debian.org/security/2017/dsa-3989

Trust: 0.9

url:https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/cve-2017-14496.py

Trust: 0.9

url:https://access.redhat.com/errata/rhsa-2017:2836

Trust: 0.9

url:https://access.redhat.com/errata/rhsa-2017:2837

Trust: 0.9

url:https://www.ruckuswireless.com/security

Trust: 0.8

url:https://www.zyxel.com/support/announcement_dnsmasq_vulnerabilities.shtml

Trust: 0.8

url:http://cve.mitre.org/cgi-bin/cvename.cgi?name=cve-2017-13704

Trust: 0.8

url:http://jvn.jp/vu/jvnvu93453933/index.html

Trust: 0.8

url:https://nvd.nist.gov/vuln/detail/cve-2017-13704

Trust: 0.8

url:https://bugzilla.redhat.com/show_bug.cgi?id=1495409bug1495409

Trust: 0.6

url:https://us-cert.cisa.gov/ics/advisories/icsa-17-332-01

Trust: 0.6

url:http://subscriber.communications.siemens.com/

Trust: 0.3

url:https://bugzilla.redhat.com/show_bug.cgi?id=1495409 bug 1495409

Trust: 0.3

url:https://cwe.mitre.org/data/definitions/20.html

Trust: 0.1

url:https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11665.html

Trust: 0.1

url:https://www.mail-archive.com/dnsmasq-discuss@lists.thekelleys.org.uk/msg11664.html

Trust: 0.1

url:https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4tk6dwc53wsu6633evzl7h4pcwbyhmhk/

Trust: 0.1

url:http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928

Trust: 0.1

url:https://nvd.nist.gov

Trust: 0.1

url:https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877102

Trust: 0.1

url:https://threatpost.com/google-warns-of-dos-and-rce-bugs-in-dnsmasq/128238/

Trust: 0.1

sources: CERT/CC: VU#973527 // VULMON: CVE-2017-13704 // BID: 101977 // BID: 101085 // JVNDB: JVNDB-2017-008617 // CNNVD: CNNVD-201708-1115 // NVD: CVE-2017-13704

CREDITS

Gabriel Campana, Kevin Hamacher and Ron Bowes of the Google Security Team,Felix Wilhelm, Fermin J. Serna

Trust: 0.6

sources: CNNVD: CNNVD-201708-1115

SOURCES

db:CERT/CCid:VU#973527
db:VULMONid:CVE-2017-13704
db:BIDid:101977
db:BIDid:101085
db:JVNDBid:JVNDB-2017-008617
db:CNNVDid:CNNVD-201708-1115
db:NVDid:CVE-2017-13704

LAST UPDATE DATE

2024-11-23T19:28:37.860000+00:00


SOURCES UPDATE DATE

db:CERT/CCid:VU#973527date:2018-02-02T00:00:00
db:VULMONid:CVE-2017-13704date:2018-05-11T00:00:00
db:BIDid:101977date:2019-05-15T17:00:00
db:BIDid:101085date:2017-10-02T00:00:00
db:JVNDBid:JVNDB-2017-008617date:2017-11-29T00:00:00
db:CNNVDid:CNNVD-201708-1115date:2020-10-14T00:00:00
db:NVDid:CVE-2017-13704date:2024-11-21T03:11:28.383

SOURCES RELEASE DATE

db:CERT/CCid:VU#973527date:2017-10-02T00:00:00
db:VULMONid:CVE-2017-13704date:2017-10-03T00:00:00
db:BIDid:101977date:2017-11-28T00:00:00
db:BIDid:101085date:2017-10-02T00:00:00
db:JVNDBid:JVNDB-2017-008617date:2017-10-24T00:00:00
db:CNNVDid:CNNVD-201708-1115date:2017-08-28T00:00:00
db:NVDid:CVE-2017-13704date:2017-10-03T01:29:01.637