|Summary:||CVE-2019-14834 dnsmasq: memory leak in the create_helper() function in /src/helper.c|
|Product:||[Other] Security Response||Reporter:||Dhananjay Arunesh <darunesh>|
|Component:||vulnerability||Assignee:||Red Hat Product Security <security-response-team>|
|Status:||CLOSED ERRATA||QA Contact:|
|Version:||unspecified||CC:||code, dbecker, dominik.mierzejewski, dougsland, itamar, jima, jjoyce, jschluet, kbasil, laine, lhh, lpeer, mburns, p, pemensik, psampaio, ravpatil, sclewis, security-response-team, slinaber, thozza, veillard|
|Fixed In Version:||Doc Type:||If docs needed, set a value|
A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory leak may cause the process to run out of memory and terminate, causing a denial of service.
|Last Closed:||2020-04-28 16:34:27 UTC||Type:||---|
|oVirt Team:||---||RHEL 7.3 requirements from Atomic Host:|
|Cloudforms Team:||---||Target Upstream Version:|
|Bug Depends On:||1764426, 1795369, 1795370|
Description Dhananjay Arunesh 2019-10-23 04:13:39 UTC
A vulnerability was found in dnsmsq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. Upstream patch: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5 References: http://www.thekelleys.org.uk/dnsmasq/doc.html
Comment 1 Dhananjay Arunesh 2019-10-23 04:16:37 UTC
Created dnsmasq tracking bugs for this issue: Affects: fedora-all [bug 1764426]
Comment 3 Joshua Padman 2019-12-13 00:25:39 UTC
Statement: In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform's version is therefore unused, please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current.
Comment 6 Marco Benatto 2020-01-28 13:27:12 UTC
There's a flaw on dnsmasq which allows an attacker to cause DoS by sending specially crafted DHCP responses. The malicious responses triggers a memory leak on create_helper() function under certain conditions leading the process to run out of memory. The availability impact is considered High as it denies the service for all users/systems depending on the affected dnsmasq instance, however the Attack Complexity can be considered High as a successful attack depends on a specific configuration.
Comment 7 Marco Benatto 2020-01-29 13:34:48 UTC
Acknowledgments: Name: Xu Mingjie (varas@IIE)
Comment 8 Tomáš Hozza 2020-02-17 11:16:47 UTC
Hi. Do we have a reproducer?
Comment 9 Doran Moppert 2020-02-18 23:45:43 UTC
We don't have a reproducer; making a reliable one for QE would be a lot of work when the patch is so straightforward :).
Comment 10 errata-xmlrpc 2020-04-28 15:44:00 UTC
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1715 https://access.redhat.com/errata/RHSA-2020:1715
Comment 11 Product Security DevOps Team 2020-04-28 16:34:27 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14834