[Dnsmasq-discuss] CVE-2017-14495 PoC causes high CPU usage and denial of service against dnsmasq v2.79
Kevin Darbyshire-Bryant
kevin at darbyshire-bryant.me.uk
Mon Oct 8 08:24:59 BST 2018
> On 8 Oct 2018, at 02:58, Mouath Ibrahim <dnsmasq at mouath.com> wrote:
>
> Hello,
>
> I ran the PoC supplied by Google research team found here: https://github.com/
> google/security-research-pocs/blob/master/vulnerabilities/dnsmasq/
> CVE-2017-14495.py
>
> and noticed immediately that dnsmasq process uses up 100% CPU usage and stops
> responding to queries short after based on the original CVE the effect was
> high memory usage but in this cause it was not.
>
> note dnsmasq didn't have any of these options set "--add-mac, --add-cpe-id or
> --add-subnet".
>
> Regards,
> Mouath Ibrahim
I am unable to reproduce. Against which version/s of dnsmasq did you try?
Cheers,
Kevin D-B
012C ACB2 28C6 C53E 9775 9123 B3A2 389B 9DE2 334A
More information about the Dnsmasq-discuss
mailing list