{"id":"CVE-2019-14513","details":"Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.","modified":"2026-05-08T04:39:40.056746Z","published":"2019-08-01T21:15:12.247Z","database_specific":{"unresolved_ranges":[{"source":"CPE_FIELD","cpe":"cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*","extracted_events":[{"last_affected":"8.0"}]}]},"references":[{"type":"ADVISORY","url":"https://lists.debian.org/debian-lts-announce/2019/09/msg00013.html"},{"type":"EVIDENCE","url":"https://github.com/Slovejoy/dnsmasq-pre2.76"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/infrastructureservices/dnsmasq","events":[{"introduced":"0"},{"fixed":"f186bdcbc76cd894133a043b115b4510c0ee1fcf"}],"database_specific":{"source":"CPE_FIELD","cpe":"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*","extracted_events":[{"introduced":"0"},{"fixed":"2.76"}]}}],"versions":["v2.0","v2.1","v2.10","v2.11","v2.12","v2.13","v2.14","v2.15","v2.16","v2.17","v2.18","v2.19","v2.2","v2.20","v2.21","v2.22","v2.23","v2.24","v2.25","v2.26","v2.27","v2.28","v2.29","v2.3","v2.30","v2.31","v2.32","v2.33","v2.34","v2.35","v2.36","v2.37","v2.38","v2.39","v2.4","v2.40","v2.41","v2.42","v2.43","v2.44","v2.45","v2.46","v2.47","v2.48","v2.49","v2.5","v2.50","v2.51","v2.52","v2.53","v2.55","v2.56","v2.57","v2.58","v2.59","v2.6","v2.60","v2.60rc1","v2.60rc2","v2.60rc3","v2.60rc4","v2.60rc5","v2.60test10","v2.60test11","v2.60test12","v2.60test13","v2.60test14","v2.60test15","v2.60test16","v2.60test17","v2.60test18","v2.60test7","v2.60test8","v2.60test9","v2.61","v2.61rc1","v2.61rc2","v2.61rc3","v2.61rc4","v2.61test10","v2.61test11","v2.61test2","v2.61test3","v2.61test4","v2.61test5","v2.61test6","v2.61test7","v2.61test8","v2.61test9","v2.62","v2.62rc1","v2.62rc2","v2.62rc3","v2.62test1","v2.62test2","v2.62test3","v2.62test4","v2.63","v2.63rc1","v2.63rc2","v2.63rc3","v2.63rc4","v2.63rc5","v2.63rc6","v2.63test1","v2.63test2","v2.63test3","v2.64","v2.64rc1","v2.64rc2","v2.64rc3","v2.64test1","v2.64test2","v2.64test3","v2.64test4","v2.64test5","v2.64test6","v2.64test7","v2.65test1","v2.65test2","v2.65test3","v2.65test4","v2.66","v2.66rc1","v2.66rc2","v2.66rc3","v2.66rc4","v2.66rc5","v2.66test1","v2.66test10","v2.66test11","v2.66test12","v2.66test13","v2.66test14","v2.66test15","v2.66test16","v2.66test17","v2.66test18","v2.66test19","v2.66test2","v2.66test20","v2.66test21","v2.66test22","v2.66test23","v2.66test3","v2.66test4","v2.66test5","v2.66test6","v2.66test7","v2.66test8","v2.66test9","v2.67","v2.67rc1","v2.67rc2","v2.67rc3","v2.67rc4","v2.67test1","v2.67test10","v2.67test11","v2.67test12","v2.67test13","v2.67test14","v2.67test15","v2.67test16","v2.67test17","v2.67test2","v2.67test3","v2.67test4","v2.67test5","v2.67test6","v2.67test7","v2.68","v2.68rc1","v2.68rc2","v2.68rc3","v2.68rc4","v2.68rc5","v2.68test1","v2.68test2","v2.69","v2.69rc1","v2.69rc2","v2.69rc3","v2.69rc4","v2.69test1","v2.69test10","v2.69test11","v2.69test2","v2.69test4","v2.69test5","v2.69test6","v2.69test7","v2.69test8","v2.69test9","v2.7","v2.70","v2.71","v2.71test1","v2.71test2","v2.72","v2.72rc1","v2.72rc2","v2.72test1","v2.72test2","v2.72test3","v2.73","v2.73rc1","v2.73rc10","v2.73rc2","v2.73rc3","v2.73rc4","v2.73rc5","v2.73rc6","v2.73rc7","v2.73rc8","v2.73rc9","v2.73test1","v2.73test2","v2.73test3","v2.73test4","v2.73test5","v2.73test6","v2.74","v2.74rc1","v2.74rc2","v2.74rc3","v2.74rc4","v2.74test1","v2.74test2","v2.75","v2.76rc1","v2.76rc2","v2.76test1","v2.76test10","v2.76test11","v2.76test12","v2.76test13","v2.76test2","v2.76test3","v2.76test4","v2.76test5","v2.76test6","v2.76test7","v2.76test8","v2.76test9","v2.8","v2.9"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2019-14513.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}