CVE-2017-14491

Name: CVE-2017-14491
Creator: NVD / NIST
Published: 2017-10-04T01:29:02.87+00:00
License: https://creativecommons.org/publicdomain/zero/1.0/

CRITICALCVSS 9.8/10EPSS 84.92%

Last modified Jun 17, 2026

CVE-2017-14491 is a critical-severity vulnerability rated 9.8/10 on the CVSS scale. Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.. EPSS estimates a 84.92% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Metrics

CVSS 3.1

9.8/10

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

EPSS Probability

84.92%

99.7th percentile

Probability of exploitation in the next 30 days. Learn more

Weakness Enumeration

CWE-787

Affected Software

Vendor	Product	Versions	Update
Thekelleys	Dnsmasq	<= 2.77	—
Redhat	Enterprise Linux Desktop	6.0	—
Redhat	Enterprise Linux Desktop	7.0	—
Redhat	Enterprise Linux Server	6.0	—
Redhat	Enterprise Linux Server	7.0	—
Redhat	Enterprise Linux Workstation	6.0	—
Redhat	Enterprise Linux Workstation	7.0	—
Canonical	Ubuntu Linux	12.04	—
Canonical	Ubuntu Linux	14.04	—
Canonical	Ubuntu Linux	16.04	—
Canonical	Ubuntu Linux	17.04	—
Debian	Debian Linux	7.0	—
Debian	Debian Linux	7.1	—
Debian	Debian Linux	8.0	—
Debian	Debian Linux	9.0	—
Opensuse	Leap	42.2	—
Opensuse	Leap	42.3	—
Suse	Linux Enterprise Debuginfo	11	Sp3
Suse	Linux Enterprise Point Of Sale	11	Sp3
Suse	Linux Enterprise Server	11	Sp3
Suse	Linux Enterprise Server	12	—
Nvidia	Linux For Tegra	< r21.6	—
Nvidia	Linux For Tegra	< r24.2.2	—
Nvidia	Geforce Experience	>= 3.0, < 3.10.0.55	—
Huawei	Honor V9 Play Firmware	< jimmy-al00ac00b135	—
Arista	Eos	<= 4.15	—
Arista	Eos	>= 4.16, < 4.16.13m	—
Arista	Eos	>= 4.17, < 4.17.8m	—
Arista	Eos	>= 4.18, <= 4.18.4.2f	—
Siemens	Ruggedcom Rm1224 Firmware	< 5.0	—
Siemens	Scalance M-800 Firmware	< 5.0	—
Siemens	Scalance S615 Firmware	< 5.0	—
Siemens	Scalance W1750d Firmware	< 6.5.1.5	—
Arubanetworks	Arubaos	>= 6.3.1, < 6.3.1.25	—
Arubanetworks	Arubaos	>= 6.4.4.0, < 6.4.4.16	—
Arubanetworks	Arubaos	>= 6.5.0.0, < 6.5.1.9	—
Arubanetworks	Arubaos	>= 6.5.3.0, < 6.5.3.3	—
Arubanetworks	Arubaos	>= 6.5.4.0, < 6.5.4.2	—
Arubanetworks	Arubaos	>= 8.1.0.0, < 8.1.0.4	—
Synology	Router Manager	1.1	—
Synology	Diskstation Manager	5.2	—
Synology	Diskstation Manager	6.0	—
Synology	Diskstation Manager	6.1	—

References

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.htmlMailing List, Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4560Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561Third Party Advisory
http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.htmlExploit, Third Party Advisory, VDB Entry
http://thekelleys.org.uk/dnsmasq/CHANGELOGRelease Notes, Vendor Advisory
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txtThird Party Advisory
http://www.debian.org/security/2017/dsa-3989Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-enThird Party Advisory
http://www.securityfocus.com/bid/101085Broken Link
http://www.securityfocus.com/bid/101977Broken Link
http://www.securitytracker.com/id/1039474Broken Link
http://www.ubuntu.com/usn/USN-3430-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3430-2Third Party Advisory
http://www.ubuntu.com/usn/USN-3430-3Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2836Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2837Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2838Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2839Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2840Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2841Third Party Advisory
https://access.redhat.com/security/vulnerabilities/3199382Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdfPatch, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/
https://security.gentoo.org/glsa/201710-27Third Party Advisory
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.htmlThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30Mitigation, Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/Third Party Advisory
https://www.debian.org/security/2017/dsa-3989Third Party Advisory
https://www.exploit-db.com/exploits/42941/Exploit, Third Party Advisory, VDB Entry
https://www.kb.cert.org/vuls/id/973527Third Party Advisory, US Government Resource
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_DnsmasqThird Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.htmlMailing List, Third Party Advisory
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.htmlMailing List, Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4560Third Party Advisory
http://nvidia.custhelp.com/app/answers/detail/a_id/4561Third Party Advisory
http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.htmlExploit, Third Party Advisory, VDB Entry
http://thekelleys.org.uk/dnsmasq/CHANGELOGRelease Notes, Vendor Advisory
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txtThird Party Advisory
http://www.debian.org/security/2017/dsa-3989Third Party Advisory
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-enThird Party Advisory
http://www.securityfocus.com/bid/101085Broken Link
http://www.securityfocus.com/bid/101977Broken Link
http://www.securitytracker.com/id/1039474Broken Link
http://www.ubuntu.com/usn/USN-3430-1Third Party Advisory
http://www.ubuntu.com/usn/USN-3430-2Third Party Advisory
http://www.ubuntu.com/usn/USN-3430-3Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2836Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2837Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2838Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2839Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2840Third Party Advisory
https://access.redhat.com/errata/RHSA-2017:2841Third Party Advisory
https://access.redhat.com/security/vulnerabilities/3199382Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdfPatch, Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/
https://security.gentoo.org/glsa/201710-27Third Party Advisory
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.htmlThird Party Advisory
https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30Mitigation, Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449Third Party Advisory
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/Third Party Advisory
https://www.debian.org/security/2017/dsa-3989Third Party Advisory
https://www.exploit-db.com/exploits/42941/Exploit, Third Party Advisory, VDB Entry
https://www.kb.cert.org/vuls/id/973527Third Party Advisory, US Government Resource
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_DnsmasqThird Party Advisory

Timeline

Published: Oct 4, 2017
Last Modified: Jun 17, 2026
Status: Modified

Frequently Asked Questions

What is CVE-2017-14491?

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

How severe is CVE-2017-14491?

CVE-2017-14491 has a CVSS score of 9.8/10 (CRITICAL severity). The EPSS model estimates a 84.92% probability of exploitation in the next 30 days.

How do I fix CVE-2017-14491?

Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2017-14491?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST