Here's an initial draft for an impact description. Please review and comment. If this summary reasonably captures the vulnerability, I'll use it as the basis for our CVE request to MITRE, notification to downstream stakeholders, and eventual security advisory. Also, Pavel, please let me know if you have any organization you want credited with the discovery alongside your name.
Title: Exposure of dnsmasq buffer overflow via extra_dhcp_opts
Reporter: Pavel Toporkov
Products: Neutron
Affects: <16.4.1, >=17.0.0 <17.2.1, >=18.0.0 <18.1.1
Description:
Pavel Toporkov reported a vulnerability in Neutron. By supplying a specially crafted extra_dhcp_opts value, an authenticated user may trigger a configuration parsing buffer overflow in some older versions of dnsmasq, resulting in denial of service or remote code execution on the hosts where dnsmasq is running. Only deployments with dnsmasq prior to 2.81 or without commit 7d04e17 applied are affected.
Here's an initial draft for an impact description. Please review and comment. If this summary reasonably captures the vulnerability, I'll use it as the basis for our CVE request to MITRE, notification to downstream stakeholders, and eventual security advisory. Also, Pavel, please let me know if you have any organization you want credited with the discovery alongside your name.
Title: Exposure of dnsmasq buffer overflow via extra_dhcp_opts
Reporter: Pavel Toporkov
Products: Neutron
Affects: <16.4.1, >=17.0.0 <17.2.1, >=18.0.0 <18.1.1
Description:
Pavel Toporkov reported a vulnerability in Neutron. By supplying a specially crafted extra_dhcp_opts value, an authenticated user may trigger a configuration parsing buffer overflow in some older versions of dnsmasq, resulting in denial of service or remote code execution on the hosts where dnsmasq is running. Only deployments with dnsmasq prior to 2.81 or without commit 7d04e17 applied are affected.