CVE-2017-14494 – Thekelleys / Dnsmasq – Information disclosure

CVE-2017-14494 is an information disclosure vulnerability impacting Thekelleys Dnsmasq versions 2.77 and earlier. An exploit was observed in open source and subsequently shared in the underground.

Summary:

CVE-2017-14494 is an information disclosure vulnerability impacting Thekelleys Dnsmasq versions 2.77 and earlier. An exploit was observed in open source and subsequently shared in the underground.

PoC Links(if available):

GitHub commit exploit –
https://github.com/google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/CVE-2017-14494.py

Known Counter Measures:

Thekelleys addressed the vulnerability in Dnsmasq version 2.78.

Links to patches(if available)

https://thekelleys.org.uk/dnsmasq/