Bugzilla (bugzilla.redhat.com) will be under maintenance for infrastructure upgrades and will not be unavailable on July 31st between 12:30 AM - 05:30 AM UTC. We appreciate your understanding and patience. You can follow status.redhat.com for details.
Bug 1739422 (CVE-2019-14513) - CVE-2019-14513 dnsmasq: Improper bounds checking leads to a buffer overread
Summary: CVE-2019-14513 dnsmasq: Improper bounds checking leads to a buffer overread
Keywords:
Status: CLOSED NOTABUG
Alias: CVE-2019-14513
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 1739423
TreeView+ depends on / blocked
 
Reported: 2019-08-09 09:50 UTC by Marian Rehak
Modified: 2021-02-16 21:31 UTC (History)
18 users (show)

Fixed In Version: dnsmasq 2.76
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2019-08-12 14:47:43 UTC


Attachments (Terms of Use)

Description Marian Rehak 2019-08-09 09:50:20 UTC
Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

Upstream Issue:

https://github.com/Slovejoy/dnsmasq-pre2.76

Comment 2 Stefan Cornelius 2019-08-12 12:50:09 UTC
This commit fixes the problem for me:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d3a8b39c7df2f0debf3b5f274a1c37a9e261f94e

Comment 5 Product Security DevOps Team 2019-08-12 14:47:43 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14513

Comment 7 Summer Long 2019-08-12 22:40:23 UTC
Statement:

This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8.

In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform is therefore unaffected, but please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current.


Note You need to log in before you can comment on or make changes to this bug.