Plattform
linux
Komponente
dnsmasq
Behoben in
2.81.1
CVE-2019-14834 describes a denial-of-service (DoS) vulnerability affecting dnsmasq versions prior to 2.81. This flaw allows remote attackers to exhaust system memory by crafting malicious DHCP responses, ultimately leading to service disruption. The vulnerability impacts systems running dnsmasq versions less than or equal to before 2.81. A fix is available in version 2.81.
The primary impact of CVE-2019-14834 is a denial-of-service condition. An attacker can exploit this vulnerability by sending specially crafted DHCP responses to the dnsmasq server. Each response triggers a memory leak, gradually consuming available RAM. As memory usage increases, the dnsmasq process and potentially the entire system may become unresponsive, preventing legitimate clients from resolving DNS queries. This can disrupt network connectivity and impact applications reliant on DNS resolution. The blast radius is limited to systems running vulnerable dnsmasq instances, although widespread exploitation could impact multiple hosts within a network.
CVE-2019-14834 has a LOW CVSS score. Public proof-of-concept exploits are not widely available, suggesting limited active exploitation. The vulnerability was disclosed in January 2020. It is not currently listed on the CISA KEV catalog. While the vulnerability exists, the relatively low severity and lack of readily available exploits suggest a lower probability of widespread exploitation.
Systems utilizing dnsmasq as a DNS forwarder or DHCP server are at risk. This includes home routers, small business networks, and larger enterprise environments where dnsmasq is deployed. Older systems running legacy dnsmasq configurations are particularly vulnerable.
• linux / server:
journalctl -u dnsmasq -f | grep -i 'memory leak'• linux / server:
ps aux | grep dnsmasq | grep -v grep | awk '{print $4}' | sort -n | head -n 10 # Check memory usage of dnsmasq processesdisclosure
Exploit-Status
EPSS
0.04% (13% Perzentil)
CVSS-Vektor
The recommended mitigation for CVE-2019-14834 is to upgrade dnsmasq to version 2.81 or later, which contains the fix for the memory leak. If immediate upgrading is not feasible, consider implementing rate limiting on DHCP responses at the network level to restrict the number of responses a client can send within a given timeframe. While not a complete solution, this can help mitigate the impact of the vulnerability. Monitor system memory usage closely, particularly on systems running dnsmasq. After upgrading, confirm the fix by sending a series of DHCP requests and verifying that memory usage remains stable.
Actualice dnsmasq a la versión 2.81 o posterior. Esto solucionará la fuga de memoria que permite a atacantes remotos causar una denegación de servicio. La actualización se puede realizar a través del gestor de paquetes de su sistema operativo.
Schwachstellenanalysen und kritische Warnungen direkt in deinen Posteingang.
CVE-2019-14834 is a denial-of-service vulnerability in dnsmasq versions before 2.81, allowing attackers to exhaust system memory via malicious DHCP responses.
You are affected if you are running dnsmasq versions prior to 2.81. Check your version and upgrade if necessary.
Upgrade dnsmasq to version 2.81 or later to resolve the memory leak vulnerability. Consider rate limiting DHCP responses as a temporary mitigation.
While the vulnerability exists, there is no widespread evidence of active exploitation at this time.
Refer to the dnsmasq project website and security advisories for detailed information and updates regarding CVE-2019-14834.
Lade deine Abhängigkeitsdatei hoch und erfahre sofort, ob dich diese und andere CVEs treffen.