Sid 1-47881


PROTOCOL-DNS dnsmasq add_pseudoheader memory leak attempt


This event is generated when a dnsmasq add_pseudoheader memory leak attempt is detected.


Attempted Denial of Service


CVSS base score 7.5

CVSS impact score 3.6

CVSS exploitability score 3.9

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Detailed information

CVE-2017-14495: Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

Affected systems

  • thekelleys dnsmasq 2.77
  • canonical ubuntu_linux 14.04
  • canonical ubuntu_linux 16.04
  • canonical ubuntu_linux 17.04
  • debian debian_linux 7.0
  • debian debian_linux 7.1
  • debian debian_linux 9.0
  • redhat enterpriselinuxdesktop 7.0
  • redhat enterpriselinuxserver 7.0
  • redhat enterpriselinuxworkstation 7.0
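
A host-side check for the two conditions in the CVE-2017-14495 description above (a version before 2.78 and one of the three options enabled), as an added example that is not part of the original rule documentation. The function names and sample input are hypothetical. It assumes upstream version numbering, so distribution packages with a backported fix are not recognized, and it reads only the config text it is given, not command-line flags or included files.

```python
import re

# Options named in the CVE-2017-14495 description; in a dnsmasq config
# file they are written without the leading "--".
RISKY_OPTIONS = {"add-mac", "add-cpe-id", "add-subnet"}
FIXED_VERSION = (2, 78)  # "dnsmasq before 2.78" is affected


def parse_version(banner):
    """Extract (major, minor) from a version string or `dnsmasq --version` banner."""
    m = re.search(r"(\d+)\.(\d+)", banner)
    if not m:
        raise ValueError(f"no version number in {banner!r}")
    return int(m.group(1)), int(m.group(2))


def enabled_risky_options(conf_text):
    """Return the sorted list of risky options active in dnsmasq config text."""
    found = set()
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        key = line.split("=", 1)[0].strip()   # "add-subnet=24,96" -> "add-subnet"
        if key in RISKY_OPTIONS:
            found.add(key)
    return sorted(found)


def assess(banner, conf_text):
    """Report whether both conditions from the CVE description hold."""
    version = parse_version(banner)
    options = enabled_risky_options(conf_text)
    exposed = version < FIXED_VERSION and bool(options)
    return {"version": version, "options": options, "exposed": exposed}


# Constructed sample input, not taken from a real host.
SAMPLE_BANNER = "Dnsmasq version 2.77  Copyright (c) 2000-2016 Simon Kelley"
SAMPLE_CONF = """\
# upstream resolver
server=192.0.2.53
#add-mac
add-subnet=24,96
add-cpe-id=example-id   # constructed value
"""

if __name__ == "__main__":
    print(assess(SAMPLE_BANNER, SAMPLE_CONF))
```
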

Ease of attack


Access Vector

Access Complexity


False positives

False negatives

Corrective action


  • Cisco's Talos Intelligence Group

Additional References