System	Score	Found at
cvssv3	8.8	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14492.json
epss	0.92841	https://api.first.org/data/v1/epss?cve=CVE-2017-14492
epss	0.92841	https://api.first.org/data/v1/epss?cve=CVE-2017-14492
epss	0.92841	https://api.first.org/data/v1/epss?cve=CVE-2017-14492
epss	0.92841	https://api.first.org/data/v1/epss?cve=CVE-2017-14492
cvssv2	4.8	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3	5.4	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv2	7.5	https://nvd.nist.gov/vuln/detail/CVE-2017-14492
cvssv3	9.8	https://nvd.nist.gov/vuln/detail/CVE-2017-14492
archlinux	Critical	https://security.archlinux.org/AVG-421

Reference id	Reference type	URL
		http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
		http://nvidia.custhelp.com/app/answers/detail/a_id/4561
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14492.json
		https://access.redhat.com/security/vulnerabilities/3199382
		https://api.first.org/data/v1/epss?cve=CVE-2017-14492
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14491
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14492
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14493
		https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14494
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
		https://www.exploit-db.com/exploits/42942/
		https://www.kb.cert.org/vuls/id/973527
		https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html
		https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html
		https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
		http://thekelleys.org.uk/dnsmasq/CHANGELOG
		http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=24036ea507862c7b7898b68289c8130f85599c10
		http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
		http://www.debian.org/security/2017/dsa-3989
		http://www.securityfocus.com/bid/101085
		http://www.securitytracker.com/id/1039474
		http://www.ubuntu.com/usn/USN-3430-1
		http://www.ubuntu.com/usn/USN-3430-2
1495410		https://bugzilla.redhat.com/show_bug.cgi?id=1495410
ASA-201710-1		https://security.archlinux.org/ASA-201710-1
AVG-421		https://security.archlinux.org/AVG-421
cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2017-14492	Exploit	https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/42942.py
CVE-2017-14492		https://nvd.nist.gov/vuln/detail/CVE-2017-14492
CVE-2017-14492	Exploit	https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14492.py
GLSA-201710-27		https://security.gentoo.org/glsa/201710-27
RHSA-2017:2836		https://access.redhat.com/errata/RHSA-2017:2836
RHSA-2017:2837		https://access.redhat.com/errata/RHSA-2017:2837
USN-3430-1		https://usn.ubuntu.com/3430-1/
USN-3430-2		https://usn.ubuntu.com/3430-2/

Data source	Exploit-DB
Date added	Oct. 2, 2017
Description	Dnsmasq < 2.78 - Heap Overflow
Ransomware campaign use	Known
Source publication date	Oct. 2, 2017
Exploit type	dos
Platform	multiple
Source update date	Oct. 2, 2017
Source URL	https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14492.py

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14492.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: AV:A/AC:L/Au:N/C:N/I:P/A:P Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Vector: CVSS:3.0/AV:A/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P Found at https://nvd.nist.gov/vuln/detail/CVE-2017-14492

Exploitability (E)	Access Vector (AV)	Access Complexity (AC)	Authentication (Au)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
high functional unproven proof_of_concept not_defined	local adjacent_network network	high medium low	multiple single none	none partial complete	none partial complete	none partial complete

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-14492

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Percentile	0.99763
EPSS Score	0.92841
Published At	April 1, 2026, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2026-04-01T13:02:25.295432+00:00	Gentoo Importer	Import	https://security.gentoo.org/glsa/201710-27	38.0.0