A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.

Platform | Package | Release Date | Advisory |
---|---|---|---|
Amazon Linux 1 | dnsmasq | 2017-10-02 17:05 | ALAS-2017-907 |
Amazon Linux 2 - Core | dnsmasq | 2019-07-18 18:22 | ALAS2-2019-1251 |

Source | Score Type | Score | Vector |
---|---|---|---|
Amazon Linux | CVSSv2 | 8.3 | AV:A/AC:L/Au:N/C:C/I:C/A:C |
Amazon Linux | CVSSv3 | 8.8 | CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
NVD | CVSSv2 | 7.5 | AV:N/AC:L/Au:N/C:P/I:P/A:P |
NVD | CVSSv3 | 9.8 | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
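
To check whether a host's dnsmasq configuration uses any of the options listed in the description above, the following added example (not part of the advisory or of dnsmasq) scans configuration text for them. It assumes the usual dnsmasq syntax, where `enable-ra` is a standalone option and the other five appear as mode keywords inside `dhcp-range` lines; the sample configuration is constructed.

```python
# Options the advisory names as exposing the RA handling code.
STANDALONE = {"enable-ra"}
RANGE_MODES = {"ra-only", "slaac", "ra-names", "ra-advrouter", "ra-stateless"}

# Constructed sample configuration, not taken from a real host.
SAMPLE_CONF = """\
# constructed sample
interface=eth0
#enable-ra
dhcp-range=192.168.1.50,192.168.1.150,12h
dhcp-range=::,constructor:eth0,ra-stateless,ra-names,64,12h
enable-ra   # turn on router advertisements
"""


def find_ra_options(conf_text):
    """Return (line_number, option) pairs for active lines that enable RA.

    Limitation: files pulled in through conf-file or conf-dir are not
    followed; pass each file's text to this function separately.
    """
    hits = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        # Drop comments. Cutting at every '#' over-strips values such as
        # server=addr#port, which does not matter for the options checked here.
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition("=")
        key = key.strip().lstrip("-")  # also accept --option command-line form
        if key in STANDALONE:
            hits.append((lineno, key))
        elif key == "dhcp-range":
            for field in value.split(","):
                if field.strip() in RANGE_MODES:
                    hits.append((lineno, field.strip()))
    return hits


def is_exposed(conf_text):
    """True when at least one of the affected options is active."""
    return bool(find_ra_options(conf_text))


if __name__ == "__main__":
    for lineno, option in find_ra_options(SAMPLE_CONF):
        print(f"line {lineno}: {option}")
```

A configuration with no hits across all of its included files falls outside the affected set described in the advisory; one with hits should be running a package from the advisories in the table above.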