Vulnerability Report

CVE-2017-14491

Title: Siemens Ruggedcom Rm1224 RCE

Memory Corruption

Proof Of Concept

PoC Available for CVE-2017-14491

CWE Category CWE-787
Published Date Oct 04, 2017
Modified Date May 13, 2026
Exploit Status Available
Score 9.8 CVSS v3.1
Exploit Probability (EPSS) 33.72%

Vulnerability Summary

CVE-2017-14491: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

Impacted Vendors

Reference Links

http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00003.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00004.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00005.html
http://lists.opensuse.org/opensuse-security-announce/2017-10/msg00006.html
http://nvidia.custhelp.com/app/answers/detail/a_id/4560
http://nvidia.custhelp.com/app/answers/detail/a_id/4561
http://packetstormsecurity.com/files/144480/Dnsmasq-2-Byte-Heap-Based-Overflow.html
http://thekelleys.org.uk/dnsmasq/CHANGELOG
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=0549c73b7ea6b22a3c49beb4d432f185a81efcbc
http://www.arubanetworks.com/assets/alert/ARUBA-PSA-2017-005.txt
http://www.debian.org/security/2017/dsa-3989
http://www.huawei.com/en/psirt/security-advisories/huawei-sa-20171103-01-dnsmasq-en
http://www.securityfocus.com/bid/101085
http://www.securityfocus.com/bid/101977
http://www.securitytracker.com/id/1039474
http://www.ubuntu.com/usn/USN-3430-1
http://www.ubuntu.com/usn/USN-3430-2
http://www.ubuntu.com/usn/USN-3430-3
https://access.redhat.com/errata/RHSA-2017:2836
https://access.redhat.com/errata/RHSA-2017:2837
https://access.redhat.com/errata/RHSA-2017:2838
https://access.redhat.com/errata/RHSA-2017:2839
https://access.redhat.com/errata/RHSA-2017:2840
https://access.redhat.com/errata/RHSA-2017:2841
https://access.redhat.com/security/vulnerabilities/3199382
https://cert-portal.siemens.com/productcert/pdf/ssa-689071.pdf
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/527KNN34RN2SB6MBJG7CKSEBWYE3TJEB/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5MMPCJOYPPL4B5RBY4U425PWG7EETDTD/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/YXRZ2W6TV6NLUJC5NOFBSG6PZSMDTYPV/
https://security.gentoo.org/glsa/201710-27
https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
https://www.arista.com/en/support/advisories-notices/security-advisories/3577-security-advisory-30
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449
https://www.broadcom.com/support/fibre-channel-networking/security-advisories/brocade-security-advisory-2017-449/
https://www.debian.org/security/2017/dsa-3989
https://www.exploit-db.com/exploits/42941/
https://www.kb.cert.org/vuls/id/973527
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11664.html
https://www.mail-archive.com/dnsmasq-discuss%40lists.thekelleys.org.uk/msg11665.html
https://www.synology.com/support/security/Synology_SA_17_59_Dnsmasq

CVSS v3.1
Source Entity [email protected]
Severity CRITICAL 9.8
Attack Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
Confidentiality N/A
Integrity N/A
Availability N/A
Scope UNCHANGED
RAW VECTOR CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CVSS v2.0
Source Entity [email protected]
Severity HIGH 7.5
Access Vector N/A
Authentication N/A
RAW VECTOR AV:N/AC:L/Au:N/C:P/I:P/A:P

CVE-2017-14491 Exploits & PoCs (Proof Of Concept)

Exploit-DB https://www.exploit-db.com/exploits/42941
MODIFIED

Vulnerability data updated via NVD.

MODIFIED

Vulnerability data or affected products updated.

PUBLISHED

Vulnerability first announced in NVD.

Attack Vector Matrix

Access Vector NETWORK
Complexity LOW
Privileges N/A
Interaction NONE
CVSS Vector String CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Affected Stack

No specific products linked.