CVE-2017-13704
Public on 2017-10-03
Modified on 2024-01-21
Description
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 1 | dnsmasq | Not Affected | ||
| Amazon Linux 2 - Core | dnsmasq | Not Affected | ||
| Amazon Linux 2 - Dnsmasq Extra | dnsmasq | Not Affected | ||
| Amazon Linux 2 - Dnsmasq2.85 Extra | dnsmasq | Not Affected | ||
| Amazon Linux 2023 | dnsmasq | Not Affected |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv2 | 5.0 | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| NVD | CVSSv3 | 7.5 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |