Memory leak in dnsmasq before 2.78, when the –add-mac, –add-cpe-id or –add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.
The product does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
Name | Vendor | Start Version | End Version |
---|---|---|---|
Ubuntu_linux | Canonical | 14.04 (including) | 14.04 (including) |
Ubuntu_linux | Canonical | 16.04 (including) | 16.04 (including) |
Ubuntu_linux | Canonical | 17.04 (including) | 17.04 (including) |
Debian_linux | Debian | 7.0 (including) | 7.0 (including) |
Debian_linux | Debian | 7.1 (including) | 7.1 (including) |
Debian_linux | Debian | 9.0 (including) | 9.0 (including) |
Leap | Novell | 42.2 (including) | 42.2 (including) |
Leap | Novell | 42.3 (including) | 42.3 (including) |
Enterprise_linux_desktop | Redhat | 7.0 (including) | 7.0 (including) |
Enterprise_linux_server | Redhat | 7.0 (including) | 7.0 (including) |
Enterprise_linux_workstation | Redhat | 7.0 (including) | 7.0 (including) |
Red Hat Enterprise Linux 7 | RedHat | dnsmasq-0:2.76-2.el7_4.2 | * |
Dnsmasq | Ubuntu | trusty | * |
Dnsmasq | Ubuntu | xenial | * |
Dnsmasq | Ubuntu | zesty | * |