{"id":"CVE-2017-14495","details":"Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.","modified":"2026-03-20T11:19:07.704415Z","published":"2017-10-03T01:29:02.153Z","related":["MGASA-2017-0364","MGASA-2017-0367","SUSE-SU-2017:2616-1","SUSE-SU-2017:2617-1","SUSE-SU-2017:2618-1","SUSE-SU-2017:2619-1","openSUSE-SU-2024:10721-1"],"references":[{"type":"WEB","url":"http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt"},{"type":"WEB","url":"http://www.securityfocus.com/bid/101977"},{"type":"WEB","url":"https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf"},{"type":"WEB","url":"http://nvidia.custhelp.com/app/answers/detail/a_id/4561"},{"type":"WEB","url":"http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=51eadb692a5123b9838e5a68ecace3ac579a3a45"},{"type":"WEB","url":"https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq"},{"type":"WEB","url":"https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html"},{"type":"WEB","url":"https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html"},{"type":"ADVISORY","url":"http://www.debian.org/security/2017/dsa-3989"},{"type":"ADVISORY","url":"http://www.securityfocus.com/bid/101085"},{"type":"ADVISORY","url":"https://security.gentoo.org/glsa/201710-27"},{"type":"ADVISORY","url":"http://thekelleys.org.uk/dnsmasq/CHANGELOG"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3430-1"},{"type":"ADVISORY","url":"http://www.ubuntu.com/usn/USN-3430-2"},{"type":"ADVISORY","url":"https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html"},{"type":"ADVISORY","url":"https://www.exploit-db.com/exploits/42945/"},{"type":"ADVISORY","url":"https://www.kb.cert.org/vuls/id/973527"},{"type":"ADVISORY","url":"http://www.securitytracker.com/id/1039474"},{"type":"REPORT","url":"http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html"},{"type":"REPORT","url":"https://access.redhat.com/security/vulnerabilities/3199382"},{"type":"FIX","url":"https://access.redhat.com/errata/RHSA-2017:2836"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/infrastructureservices/dnsmasq","events":[{"introduced":"0"},{"last_affected":"74ea91531a5f0c6ad8c4bcc5f6bda55bf2c2acb1"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"2.77"}]}}],"versions":["v2.0","v2.1","v2.10","v2.11","v2.12","v2.13","v2.14","v2.15","v2.16","v2.17","v2.18","v2.19","v2.2","v2.20","v2.21","v2.22","v2.23","v2.24","v2.25","v2.26","v2.27","v2.28","v2.29","v2.3","v2.30","v2.31","v2.32","v2.33","v2.34","v2.35","v2.36","v2.37","v2.38","v2.39","v2.4","v2.40","v2.41","v2.42","v2.43","v2.44","v2.45","v2.46","v2.47","v2.48","v2.49","v2.5","v2.50","v2.51","v2.52","v2.53","v2.55","v2.56","v2.57","v2.58","v2.59","v2.6","v2.60","v2.60rc1","v2.60rc2","v2.60rc3","v2.60rc4","v2.60rc5","v2.60test10","v2.60test11","v2.60test12","v2.60test13","v2.60test14","v2.60test15","v2.60test16","v2.60test17","v2.60test18","v2.60test7","v2.60test8","v2.60test9","v2.61","v2.61rc1","v2.61rc2","v2.61rc3","v2.61rc4","v2.61test10","v2.61test11","v2.61test2","v2.61test3","v2.61test4","v2.61test5","v2.61test6","v2.61test7","v2.61test8","v2.61test9","v2.62","v2.62rc1","v2.62rc2","v2.62rc3","v2.62test1","v2.62test2","v2.62test3","v2.62test4","v2.63","v2.63rc1","v2.63rc2","v2.63rc3","v2.63rc4","v2.63rc5","v2.63rc6","v2.63test1","v2.63test2","v2.63test3","v2.64","v2.64rc1","v2.64rc2","v2.64rc3","v2.64test1","v2.64test2","v2.64test3","v2.64test4","v2.64test5","v2.64test6","v2.64test7","v2.65test1","v2.65test2","v2.65test3","v2.65test4","v2.66","v2.66rc1","v2.66rc2","v2.66rc3","v2.66rc4","v2.66rc5","v2.66test1","v2.66test10","v2.66test11","v2.66test12","v2.66test13","v2.66test14","v2.66test15","v2.66test16","v2.66test17","v2.66test18","v2.66test19","v2.66test2","v2.66test20","v2.66test21","v2.66test22","v2.66test23","v2.66test3","v2.66test4","v2.66test5","v2.66test6","v2.66test7","v2.66test8","v2.66test9","v2.67","v2.67rc1","v2.67rc2","v2.67rc3","v2.67rc4","v2.67test1","v2.67test10","v2.67test11","v2.67test12","v2.67test13","v2.67test14","v2.67test15","v2.67test16","v2.67test17","v2.67test18","v2.67test2","v2.67test3","v2.67test4","v2.67test5","v2.67test6","v2.67test7","v2.67test8","v2.67test9","v2.68","v2.68rc1","v2.68rc2","v2.68rc3","v2.68rc4","v2.68rc5","v2.68test1","v2.68test2","v2.69","v2.69rc1","v2.69rc2","v2.69rc3","v2.69rc4","v2.69test1","v2.69test10","v2.69test11","v2.69test2","v2.69test3","v2.69test4","v2.69test5","v2.69test6","v2.69test7","v2.69test8","v2.69test9","v2.7","v2.70","v2.71","v2.71test1","v2.71test2","v2.72","v2.72rc1","v2.72rc2","v2.72test1","v2.72test2","v2.72test3","v2.73","v2.73rc1","v2.73rc10","v2.73rc2","v2.73rc3","v2.73rc4","v2.73rc5","v2.73rc6","v2.73rc7","v2.73rc8","v2.73rc9","v2.73test1","v2.73test2","v2.73test3","v2.73test4","v2.73test5","v2.73test6","v2.74","v2.74rc1","v2.74rc2","v2.74rc3","v2.74rc4","v2.74test1","v2.74test2","v2.75","v2.76","v2.76rc1","v2.76rc2","v2.76test1","v2.76test10","v2.76test11","v2.76test12","v2.76test13","v2.76test2","v2.76test3","v2.76test4","v2.76test5","v2.76test6","v2.76test7","v2.76test8","v2.76test9","v2.77","v2.77rc1","v2.77rc2","v2.77rc3","v2.77rc4","v2.77rc5","v2.77test1","v2.77test2","v2.77test3","v2.77test4","v2.77test5","v2.8","v2.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2017-14495.json","unresolved_ranges":[{"events":[{"introduced":"0"},{"last_affected":"14.04"}]},{"events":[{"introduced":"0"},{"last_affected":"16.04"}]},{"events":[{"introduced":"0"},{"last_affected":"17.04"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.1"}]},{"events":[{"introduced":"0"},{"last_affected":"9.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]},{"events":[{"introduced":"0"},{"last_affected":"7.0"}]}]}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}