VDB
CVE-2017-13704
CVE-2017-13704
REJECTED
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
EPSS 77.79% · 99.0th percentile
Risk Scores
EPSS Score
77.79%
99.0th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:14.04:LTS | dnsmasq | 2.66-4ubuntu1, 2.67-1, 2.68-1 |
| Ubuntu:16.04:LTS | dnsmasq | 2.75-1ubuntu0.16.04.1, 0, 2.75-1 |
Exploit Intelligence
- Dnsmasq < 2.78 - Lack of free() Denial of Service - Multiple dos Exploit (variot)
- Dnsmasq < 2.78 - Lack of free() Denial of Service - Multiple dos Exploit (variot)
- Dnsmasq < 2.78 - Integer Underflow - Multiple dos Exploit (variot)
- Dnsmasq < 2.78 - Integer Underflow - Multiple dos Exploit (variot)
- Dnsmasq < 2.78 - Information Leak - Multiple dos Exploit (variot)
- Dnsmasq < 2.78 - Information Leak - Multiple dos Exploit (variot)
- Dnsmasq < 2.78 - Heap Overflow - Multiple dos Exploit (variot)
- Dnsmasq < 2.78 - Heap Overflow - Multiple dos Exploit (variot)
- Dnsmasq < 2.78 - Stack Overflow - Multiple dos Exploit (variot)
- Dnsmasq < 2.78 - Stack Overflow - Multiple dos Exploit (variot)
…and 15 more exploits
Timeline
- Aug 28, 2017 CVE Published
- Oct 2, 2017 PoC Published
- Oct 13, 2020 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-13704 third-party-advisory
- http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2017q3/011729.html third-party-advisory
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=63437ffbb58837b214b4b92cb1c54bc5f3279928 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-13704 third-party-advisory