Bug 1764425 (CVE-2019-14834) - CVE-2019-14834 dnsmasq: memory leak in the create_helper() function in /src/helper.c
Status: CLOSED ERRATA
Alias: CVE-2019-14834
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: low
Severity: low
Target Milestone: ---
Assignee: Red Hat Product Security
Depends On: 1795369 1764426 1795370
Blocks: 1748230
Reported: 2019-10-23 04:13 UTC by Dhananjay Arunesh
Modified: 2020-05-28 07:39 UTC

Doc Text:
A flaw was found in the Dnsmasq application where a remote attacker can trigger a memory leak by sending specially crafted DHCP responses to the server. A successful attack is dependent on a specific configuration regarding the domain name set into the dnsmasq.conf file. Over time, the memory leak may cause the process to run out of memory and terminate, causing a denial of service.
Last Closed: 2020-04-28 16:34:27 UTC


Links
System: Red Hat Product Errata
ID: RHSA-2020:1715
Priority: None
Status: None
Summary: None
Last Updated: 2020-04-28 15:44:02 UTC

Description Dhananjay Arunesh 2019-10-23 04:13:39 UTC
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.

Upstream patch:

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=69bc94779c2f035a9fffdb5327a54c3aeca73ed5

References:

http://www.thekelleys.org.uk/dnsmasq/doc.html

Comment 1 Dhananjay Arunesh 2019-10-23 04:16:37 UTC
Created dnsmasq tracking bugs for this issue:

Affects: fedora-all [bug 1764426]

Comment 3 Joshua Padman 2019-12-13 00:25:39 UTC
Statement:

In Red Hat OpenStack Platform, which currently supports Red Hat Enterprise Linux 7.7, the dnsmasq package is pulled directly from the rhel-7-server-rpms channel. Red Hat OpenStack Platform's version is therefore unused; please ensure that the underlying Red Hat Enterprise Linux dnsmasq package is current.

Comment 6 Marco Benatto 2020-01-28 13:27:12 UTC
There's a flaw in dnsmasq which allows an attacker to cause DoS by sending specially crafted DHCP responses. The malicious responses trigger a memory leak in the create_helper() function under certain conditions, leading the process to run out of memory.
The availability impact is considered High as it denies the service for all users/systems depending on the affected dnsmasq instance; however, the Attack Complexity can be considered High as a successful attack depends on a specific configuration.

Comment 7 Marco Benatto 2020-01-29 13:34:48 UTC
Acknowledgments:

Name: Xu Mingjie (varas@IIE)

Comment 8 Tomáš Hozza 2020-02-17 11:16:47 UTC
Hi. Do we have a reproducer?

Comment 9 Doran Moppert 2020-02-18 23:45:43 UTC
We don't have a reproducer; making a reliable one for QE would be a lot of work when the patch is so straightforward :).

Comment 10 errata-xmlrpc 2020-04-28 15:44:00 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2020:1715 https://access.redhat.com/errata/RHSA-2020:1715

Comment 11 Product Security DevOps Team 2020-04-28 16:34:27 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2019-14834
