A vulnerability was found in dnsmsq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation. Upstream patch: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5 References: http://www.thekelleys.org.uk/dnsmasq/doc.html
Created dnsmasq tracking bugs for this issue: Affects: fedora-all [bug 1764426]
Statement: In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform's version is therefore unused, please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current.
There's a flaw on dnsmasq which allows an attacker to cause DoS by sending specially crafted DHCP responses. The malicious responses triggers a memory leak on create_helper() function under certain conditions leading the process to run out of memory. The availability impact is considered High as it denies the service for all users/systems depending on the affected dnsmasq instance, however the Attack Complexity can be considered High as a successful attack depends on a specific configuration.
Acknowledgments: Name: Xu Mingjie (varas@IIE)
Hi. Do we have a reproducer?
We don't have a reproducer; making a reliable one for QE would be a lot of work when the patch is so straightforward :).
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2020:1715 https://access.redhat.com/errata/RHSA-2020:1715
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2019-14834
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2020:3878 https://access.redhat.com/errata/RHSA-2020:3878