CVE-2017-14496 - Integer Underflow (Wrap or Wraparound)

Severity

78%

Complexity

99%

Confidentiality

115%

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

CVSS 3.0 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

CVSS 2.0 Base Score 7.8. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (AV:N/AC:L/Au:N/C:N/I:N/A:C).

Demo Examples

Integer Underflow (Wrap or Wraparound)

CWE-191

The following example subtracts from a 32 bit signed integer.


               
}
return 0;

The example has an integer underflow. The value of i is already at the lowest negative value possible, so after subtracting 1, the new value of i is 2147483647.

Overview

First reported 7 years ago

2017-10-03 01:29:00

Last updated 6 years ago

2018-05-11 01:29:00

Affected Software

Canonical Ubuntu Linux 14.04 LTS (Long-Term Support)

14.04

Canonical Ubuntu Linux 16.04 LTS (Long-Term Support)

16.04

Canonical Ubuntu Linux 17.04

17.04

Debian Linux 7.0

7.0

Debian Linux 7.1

7.1

Debian Linux 9.0

9.0

Google Android Operating System 4.4.4

4.4.4

Google Android 5.0.2

5.0.2

Google Android 5.1.1

5.1.1

Google Android 6.0

6.0

Google Android 6.0.1

6.0.1

Google Android (Nougat) 7.0

7.0

Google Android 7.1.1

7.1.1

Google Android 7.1.2

7.1.2

Google Android 8.0

8.0

RedHat Enterprise Linux Desktop 7.0

7.0

RedHat Enterprise Linux Server 7.0

7.0

RedHat Enterprise Linux Workstation 7.0

7.0

thekelleys dnsmasq

References

openSUSE-SU-2017:2633

Issue Tracking, Mailing List, Third Party Advisory

http://nvidia.custhelp.com/app/answers/detail/a_id/4561

http://thekelleys.org.uk/dnsmasq/CHANGELOG

Release Notes, Vendor Advisory

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=897c113fda0886a28a986cc6ba17bb93bd6cb1c7

Patch, Vendor Advisory

http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt

DSA-3989

Third Party Advisory

101085

Third Party Advisory, VDB Entry

101977

1039474

Third Party Advisory, VDB Entry

USN-3430-1

Third Party Advisory

USN-3430-2

Third Party Advisory

RHSA-2017:2836

Patch, Third Party Advisory

https://access.redhat.com/security/vulnerabilities/3199382

Issue Tracking, Third Party Advisory

https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf

GLSA-201710-27

https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html

Third Party Advisory

https://source.android.com/security/bulletin/2017-10-01

Third Party Advisory

42946

Third Party Advisory, VDB Entry

VU#973527

Third Party Advisory, US Government Resource

[dnsmasq-discuss] 20171002 IMPORTANT SECURITY INFORMATION.

Mailing List, Third Party Advisory

[dnsmasq-discuss] 20171002 Announce: dnsmasq-2.78.

Mailing List, Third Party Advisory

https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.