Staging Environment: Content and features may be unstable or change without notice.
Search for vulnerabilities
Vulnerability details: VCID-ru4r-dtwq-sub2
Vulnerability ID VCID-ru4r-dtwq-sub2
Aliases CVE-2017-14496
Summary Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code.
Status Published
Exploitability 2.0
Weighted Severity 9.0
Risk 10.0
Affected and Fixed Packages Package Details
Weaknesses (3)
CWE-190 Integer Overflow or Wraparound
CWE-125 Out-of-bounds Read
CWE-191 Integer Underflow (Wrap or Wraparound)
System Score Found at
cvssv3 7.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14496.json
epss 0.16883 https://api.first.org/data/v1/epss?cve=CVE-2017-14496
epss 0.16883 https://api.first.org/data/v1/epss?cve=CVE-2017-14496
epss 0.16883 https://api.first.org/data/v1/epss?cve=CVE-2017-14496
epss 0.16883 https://api.first.org/data/v1/epss?cve=CVE-2017-14496
epss 0.16883 https://api.first.org/data/v1/epss?cve=CVE-2017-14496
epss 0.16883 https://api.first.org/data/v1/epss?cve=CVE-2017-14496
epss 0.16883 https://api.first.org/data/v1/epss?cve=CVE-2017-14496
epss 0.16883 https://api.first.org/data/v1/epss?cve=CVE-2017-14496
epss 0.16883 https://api.first.org/data/v1/epss?cve=CVE-2017-14496
cvssv2 7.8 https://nvd.nist.gov/vuln/detail/CVE-2017-14496
cvssv3 7.5 https://nvd.nist.gov/vuln/detail/CVE-2017-14496
archlinux Critical https://security.archlinux.org/AVG-421
Reference id Reference type URL
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14496.json
https://access.redhat.com/security/vulnerabilities/3199382
https://api.first.org/data/v1/epss?cve=CVE-2017-14496
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-14496
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://source.android.com/security/bulletin/2017-10-01
https://www.exploit-db.com/exploits/42946/
https://www.kb.cert.org/vuls/id/973527
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=897c113fda0886a28a986cc6ba17bb93bd6cb1c7
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
http://www.debian.org/security/2017/dsa-3989
http://www.securityfocus.com/bid/101085
http://www.securityfocus.com/bid/101977
http://www.securitytracker.com/id/1039474
http://www.ubuntu.com/usn/USN-3430-1
http://www.ubuntu.com/usn/USN-3430-2
1495416 https://bugzilla.redhat.com/show_bug.cgi?id=1495416
ASA-201710-1 https://security.archlinux.org/ASA-201710-1
AVG-421 https://security.archlinux.org/AVG-421
cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:14.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:16.04:*:*:*:lts:*:*:*
cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:canonical:ubuntu_linux:17.04:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:4.4.4:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.0.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:5.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:6.0.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:7.0:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:7.1.1:*:*:*:*:*:*:*
cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:7.1.2:*:*:*:*:*:*:*
cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:google:android:8.0:*:*:*:*:*:*:*
cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:leap:42.2:*:*:*:*:*:*:*
cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:novell:leap:42.3:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_desktop:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_server:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:* https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:o:redhat:enterprise_linux_workstation:7.0:*:*:*:*:*:*:*
CVE-2017-14496 Exploit https://gitlab.com/exploit-database/exploitdb/-/blob/main/exploits/multiple/dos/42946.py
CVE-2017-14496 https://nvd.nist.gov/vuln/detail/CVE-2017-14496
CVE-2017-14496 Exploit https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py
GLSA-201710-27 https://security.gentoo.org/glsa/201710-27
RHSA-2017:2836 https://access.redhat.com/errata/RHSA-2017:2836
USN-3430-1 https://usn.ubuntu.com/3430-1/
USN-3430-2 https://usn.ubuntu.com/3430-2/
Data source Exploit-DB
Date added Oct. 2, 2017
Description Dnsmasq < 2.78 - Integer Underflow
Ransomware campaign use Known
Source publication date Oct. 2, 2017
Exploit type dos
Platform multiple
Source update date Oct. 2, 2017
Source URL https://raw.githubusercontent.com/google/security-research-pocs/master/vulnerabilities/dnsmasq/CVE-2017-14496.py
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2017-14496.json
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C Found at https://nvd.nist.gov/vuln/detail/CVE-2017-14496
Exploitability (E) Access Vector (AV) Access Complexity (AC) Authentication (Au) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

high

functional

unproven

proof_of_concept

not_defined

local

adjacent_network

network

high

medium

low

multiple

single

none

none

partial

complete

none

partial

complete

none

partial

complete
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H Found at https://nvd.nist.gov/vuln/detail/CVE-2017-14496
Attack Vector (AV) Attack Complexity (AC) Privileges Required (PR) User Interaction (UI) Scope (S) Confidentiality Impact (C) Integrity Impact (I) Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none
Exploit Prediction Scoring System (EPSS)
Percentile 0.94927
EPSS Score 0.16883
Published At April 1, 2026, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2026-04-01T13:02:25.338942+00:00 Gentoo Importer Import https://security.gentoo.org/glsa/201710-27 38.0.0