A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
翻译中…平台
linux
组件
dnsmasq
修复版本
2.81.1
CVE-2019-14834 describes a denial-of-service (DoS) vulnerability affecting dnsmasq versions prior to 2.81. This flaw allows remote attackers to exhaust system memory by crafting malicious DHCP responses, ultimately leading to service disruption. The vulnerability impacts systems running dnsmasq versions less than or equal to before 2.81. A fix is available in version 2.81.
影响与攻击场景翻译中…
The primary impact of CVE-2019-14834 is a denial-of-service condition. An attacker can exploit this vulnerability by sending specially crafted DHCP responses to the dnsmasq server. Each response triggers a memory leak, gradually consuming available RAM. As memory usage increases, the dnsmasq process and potentially the entire system may become unresponsive, preventing legitimate clients from resolving DNS queries. This can disrupt network connectivity and impact applications reliant on DNS resolution. The blast radius is limited to systems running vulnerable dnsmasq instances, although widespread exploitation could impact multiple hosts within a network.
利用背景翻译中…
CVE-2019-14834 has a LOW CVSS score. Public proof-of-concept exploits are not widely available, suggesting limited active exploitation. The vulnerability was disclosed in January 2020. It is not currently listed on the CISA KEV catalog. While the vulnerability exists, the relatively low severity and lack of readily available exploits suggest a lower probability of widespread exploitation.
哪些人处于风险中翻译中…
Systems utilizing dnsmasq as a DNS forwarder or DHCP server are at risk. This includes home routers, small business networks, and larger enterprise environments where dnsmasq is deployed. Older systems running legacy dnsmasq configurations are particularly vulnerable.
检测步骤翻译中…
• linux / server:
journalctl -u dnsmasq -f | grep -i 'memory leak'• linux / server:
ps aux | grep dnsmasq | grep -v grep | awk '{print $4}' | sort -n | head -n 10 # Check memory usage of dnsmasq processes攻击时间线
- Disclosure
disclosure
威胁情报
漏洞利用状态
EPSS
0.04% (13% 百分位)
CVSS 向量
这些指标意味着什么?
- Attack Vector
- 网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
- Attack Complexity
- 高 — 需要竞态条件、非默认配置或特定情况。难以可靠利用。
- Privileges Required
- 无 — 无需认证,无需凭证即可利用。
- User Interaction
- 无 — 攻击自动且无声,受害者无需任何操作。
- Scope
- 未改变 — 影响仅限于脆弱组件本身。
- Confidentiality
- 无 — 无机密性影响。
- Integrity
- 无 — 无完整性影响。
- Availability
- 低 — 部分或间歇性拒绝服务。
受影响的软件
弱点分类 (CWE)
时间线
- 已保留
- 发布日期
- 修改日期
- EPSS 更新日期
缓解措施和替代方案翻译中…
The recommended mitigation for CVE-2019-14834 is to upgrade dnsmasq to version 2.81 or later, which contains the fix for the memory leak. If immediate upgrading is not feasible, consider implementing rate limiting on DHCP responses at the network level to restrict the number of responses a client can send within a given timeframe. While not a complete solution, this can help mitigate the impact of the vulnerability. Monitor system memory usage closely, particularly on systems running dnsmasq. After upgrading, confirm the fix by sending a series of DHCP requests and verifying that memory usage remains stable.
修复方法翻译中…
Actualice dnsmasq a la versión 2.81 o posterior. Esto solucionará la fuga de memoria que permite a atacantes remotos causar una denegación de servicio. La actualización se puede realizar a través del gestor de paquetes de su sistema operativo.
CVE 安全通讯
漏洞分析和关键警报直接发送到您的邮箱。
常见问题翻译中…
What is CVE-2019-14834 — DoS in dnsmasq?
CVE-2019-14834 is a denial-of-service vulnerability in dnsmasq versions before 2.81, allowing attackers to exhaust system memory via malicious DHCP responses.
Am I affected by CVE-2019-14834 in dnsmasq?
You are affected if you are running dnsmasq versions prior to 2.81. Check your version and upgrade if necessary.
How do I fix CVE-2019-14834 in dnsmasq?
Upgrade dnsmasq to version 2.81 or later to resolve the memory leak vulnerability. Consider rate limiting DHCP responses as a temporary mitigation.
Is CVE-2019-14834 being actively exploited?
While the vulnerability exists, there is no widespread evidence of active exploitation at this time.
Where can I find the official dnsmasq advisory for CVE-2019-14834?
Refer to the dnsmasq project website and security advisories for detailed information and updates regarding CVE-2019-14834.