CVE-2017-14492

Source
Severity Critical
Remote Yes
Type Arbitrary code execution
Description
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send crafted RAs to dnsmasq which would cause it to crash or, potentially, execute arbitrary code. This issue only affected configurations using one of these options: enable-ra, ra-only, slaac, ra-names, ra-advrouter, or ra-stateless.
Group Package Affected Fixed Severity Status Ticket
AVG-421 dnsmasq 2.77-1 2.78-1 Critical Fixed
Date Advisory Group Package Severity Description
02 Oct 2017 ASA-201710-1 AVG-421 dnsmasq Critical multiple issues
References
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=24036ea507862c7b7898b68289c8130f85599c10