A vulnerability was found in dnsmsq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
Created dnsmasq tracking bugs for this issue:
Affects: fedora-all [bug 1764426]
In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform's version is therefore unused, please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current.
There's a flaw on dnsmasq which allows an attacker to cause DoS by sending specially crafted DHCP responses. The malicious responses triggers a memory leak on create_helper() function under certain conditions leading the process to run out of memory.
The availability impact is considered High as it denies the service for all users/systems depending on the affected dnsmasq instance, however the Attack Complexity can be considered High as a successful attack depends on a specific configuration.
Name: Xu Mingjie (varas@IIE)
Hi. Do we have a reproducer?
We don't have a reproducer; making a reliable one for QE would be a lot of work when the patch is so straightforward :).
This issue has been addressed in the following products:
Red Hat Enterprise Linux 8
Via RHSA-2020:1715 https://access.redhat.com/errata/RHSA-2020:1715
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):