Published: 23/01/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:P/A:N

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

Vulnerable Product	Search on Vulmon	Subscribe to Product
thekelleys dnsmasq

Debian Bug report logs - #888200 dnsmasq: CVE-2017-15107 Package: src:dnsmasq; Maintainer for src:dnsmasq is Simon Kelley <simon@thekelleysorguk>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 23 Jan 2018 21:21:02 UTC Severity: important Tags: patch, security, upstream Found in version dnsmasq/2 ...

A vulnerability was found in Dnsmasq's implementation of DNSSEC Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist ...

A vulnerability was found in Dnsmasq's implementation of DNSSEC before 279 Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist ...

NVD-CWE-noinfo http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html http://www.securityfocus.com/bid/102812 http://lists.opensuse.org/opensuse-security-announce/2019-12/msg00027.html https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=888200 https://nvd.nist.gov https://access.redhat.com/security/cve/cve-2017-15107

CVE-2017-15107

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect