SB2019121940 - Resource exhaustion in dnsmasq (Alpine package)
Published: December 19, 2019
Security Bulletin ID
SB2019121940
Severity
Low
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Denial of service
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) Resource exhaustion (CVE-ID: CVE-2019-14834)
The vulnerability allows a remote non-authenticated attacker to perform service disruption.
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
Remediation
Install update from vendor's website.
References
- https://git.alpinelinux.org/aports/commit/?id=9af72b19675b1be5e4f838b5dc97b5fa4d7211d0
- https://git.alpinelinux.org/aports/commit/?id=2a8dcde66ca811babbbb7d8a2e11bed8dd4a0880
- https://git.alpinelinux.org/aports/commit/?id=c2e70834ec4dc383d3870aab4902a511b8855cd3
- https://git.alpinelinux.org/aports/commit/?id=05ce3aa991af874d09ffd9c8271539aaa54b53f4
- https://git.alpinelinux.org/aports/commit/?id=3ea61d40651914e0706601cd8b7c05fcaafe089a
- https://git.alpinelinux.org/aports/commit/?id=756199c70f06ea647ed81f59c6282ef53f0371aa
- https://git.alpinelinux.org/aports/commit/?id=dd7e750ba07d59986e184840c84440d074db4ef1