CVE-2017-14495 - log back

CVE-2017-14495 created at 25 Sep 2019 19:31:40
Severity
+ High
Remote
+ Remote
Type
+ Denial of service
Description
+ A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which would never be freed, leading to unbounded memory consumption and eventually a crash. This issue only affected configurations using one of the options: add-mac, add-cpe-id, or add-subnet.
References
+ http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=51eadb692a5123b9838e5a68ecace3ac579a3a45
Notes