-
Committer:
Simon Kelley
-
Date:
2017-09-25 19:16:50 UTC
-
Revision ID:
git-v1:51eadb692a5123b9838e5a68ecace3ac579a3a45
Security fix, CVE-2017-14495, OOM in DNS response creation.
Fix out-of-memory Dos vulnerability. An attacker which can
send malicious DNS queries to dnsmasq can trigger memory
allocations in the add_pseudoheader function
The allocated memory is never freed which leads to a DoS
through memory exhaustion. dnsmasq is vulnerable only
if one of the following option is specified:
--add-mac, --add-cpe-id or --add-subnet.