MidnightBSD

Advisories for thekelleys

CVE-2005-0877 MEDIUM

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-346

Products Affected

Vendor Product Version
thekelleys dnsmasq *

CVE-2012-3411 MEDIUM

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
redhat enterprise_linux_server 6.0
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
thekelleys dnsmasq *

CVE-2013-0198 MEDIUM

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP-based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
thekelleys dnsmasq *

CVE-2015-3294 MEDIUM

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-19

Products Affected

Vendor Product Version
oracle solaris 11.2
thekelleys dnsmasq *

CVE-2015-8899 MEDIUM

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
canonical ubuntu_linux 15.10
thekelleys dnsmasq *
canonical ubuntu_linux 16.04

CVE-2017-13704 MEDIUM

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff on 64-bit platforms), making dnsmasq crash.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-20

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.04
debian debian_linux 9.0
novell leap 42.2
thekelleys dnsmasq *
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.1
canonical ubuntu_linux 16.04
redhat enterprise_linux_server 7.0
debian debian_linux 7.0
canonical ubuntu_linux 14.04
novell leap 42.3
fedoraproject fedora 27
redhat enterprise_linux_desktop 7.0

CVE-2017-14491 HIGH

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
huawei honor_v9_play_firmware *
canonical ubuntu_linux 17.04
arubanetworks arubaos *
suse linux_enterprise_server 11
suse linux_enterprise_point_of_sale 11
thekelleys dnsmasq *
synology diskstation_manager 6.1
nvidia linux_for_tegra *
suse linux_enterprise_server 12
siemens scalance_m-800_firmware *
redhat enterprise_linux_server 7.0
suse linux_enterprise_debuginfo 11
canonical ubuntu_linux 14.04
redhat enterprise_linux_workstation 6.0
redhat enterprise_linux_desktop 6.0
synology diskstation_manager 5.2
siemens scalance_s615_firmware *
canonical ubuntu_linux 12.04
debian debian_linux 9.0
debian debian_linux 8.0
siemens scalance_w1750d_firmware *
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.1
canonical ubuntu_linux 16.04
synology diskstation_manager 6.0
redhat enterprise_linux_server 6.0
debian debian_linux 7.0
opensuse leap 42.2
siemens ruggedcom_rm1224_firmware *
nvidia geforce_experience *
redhat enterprise_linux_desktop 7.0
arista eos *
opensuse leap 42.3
synology router_manager 1.1

CVE-2017-14492 HIGH

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 17.04
debian debian_linux 7.0
canonical ubuntu_linux 14.04
debian debian_linux 9.0
redhat enterprise_linux_desktop 7.0
thekelleys dnsmasq *
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.1
canonical ubuntu_linux 16.04

CVE-2017-14493 HIGH

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-119

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.04
debian debian_linux 9.0
thekelleys dnsmasq *
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.1
canonical ubuntu_linux 16.04
redhat enterprise_linux_server 7.0
debian debian_linux 7.0
canonical ubuntu_linux 14.04
opensuse leap 42.2
redhat enterprise_linux_desktop 7.0
opensuse leap 42.3

CVE-2017-14494 MEDIUM

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-200

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.04
debian debian_linux 9.0
novell leap 42.2
thekelleys dnsmasq *
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.1
canonical ubuntu_linux 16.04
redhat enterprise_linux_server 7.0
debian debian_linux 7.0
canonical ubuntu_linux 14.04
novell leap 42.3
redhat enterprise_linux_desktop 7.0

CVE-2017-14495 MEDIUM

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-772

Products Affected

Vendor Product Version
redhat enterprise_linux_server 7.0
canonical ubuntu_linux 17.04
debian debian_linux 7.0
canonical ubuntu_linux 14.04
debian debian_linux 9.0
redhat enterprise_linux_desktop 7.0
thekelleys dnsmasq *
redhat enterprise_linux_workstation 7.0
debian debian_linux 7.1
canonical ubuntu_linux 16.04

CVE-2017-14496 HIGH

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

CVSS 2.0

Severity: HIGH

Problem Type: CWE-191

Products Affected

Vendor Product Version
canonical ubuntu_linux 17.04
debian debian_linux 9.0
google android 8.0
novell leap 42.2
thekelleys dnsmasq *
google android 4.4.4
redhat enterprise_linux_workstation 7.0
google android 6.0.1
debian debian_linux 7.1
canonical ubuntu_linux 16.04
google android 7.1.2
redhat enterprise_linux_server 7.0
debian debian_linux 7.0
canonical ubuntu_linux 14.04
novell leap 42.3
google android 7.1.1
google android 5.0.2
google android 6.0
google android 7.0
redhat enterprise_linux_desktop 7.0
google android 5.1.1

CVE-2017-15107 MEDIUM

A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358, NVD-CWE-noinfo

Products Affected

Vendor Product Version
thekelleys dnsmasq *

CVE-2019-14513 MEDIUM

Improper bounds checking in Dnsmasq before 2.76 allows an attacker-controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-125

Products Affected

Vendor Product Version
debian debian_linux 8.0
thekelleys dnsmasq *

CVE-2019-14834 MEDIUM

A vulnerability was found in dnsmasq before version 2.81, where a memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-770

Products Affected

Vendor Product Version
thekelleys dnsmasq *
fedoraproject fedora 31

CVE-2020-25681 HIGH

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122

Products Affected

Vendor Product Version
fedoraproject fedora 33
debian debian_linux 9.0
fedoraproject fedora 32
debian debian_linux 10.0
thekelleys dnsmasq *

CVE-2020-25682 HIGH

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extracts names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed to by name, assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible that extract_name() is passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 8.1 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H 2.2 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122, CWE-787

Products Affected

Vendor Product Version
fedoraproject fedora 33
debian debian_linux 9.0
fedoraproject fedora 32
debian debian_linux 10.0
thekelleys dnsmasq *

CVE-2020-25683 HIGH

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122

Products Affected

Vendor Product Version
fedoraproject fedora 33
debian debian_linux 9.0
fedoraproject fedora 32
debian debian_linux 10.0
thekelleys dnsmasq *

CVE-2020-25684 MEDIUM

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query() whether the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358, NVD-CWE-Other

Products Affected

Vendor Product Version
fedoraproject fedora 33
debian debian_linux 9.0
fedoraproject fedora 32
debian debian_linux 10.0
arista eos *
thekelleys dnsmasq *

CVE-2020-25685 MEDIUM

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq determines in forward.c:reply_query() which forwarded query matches the reply by using only a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is), this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-326

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
debian debian_linux 10.0
arista eos *
thekelleys dnsmasq *

CVE-2020-25686 MEDIUM

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358, CWE-290

Products Affected

Vendor Product Version
fedoraproject fedora 33
fedoraproject fedora 32
debian debian_linux 10.0
arista eos *
thekelleys dnsmasq *

CVE-2020-25687 HIGH

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.9 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H 2.2 3.6

CVSS 2.0

Severity: HIGH

Problem Type: CWE-122

Products Affected

Vendor Product Version
fedoraproject fedora 33
debian debian_linux 9.0
fedoraproject fedora 32
debian debian_linux 10.0
thekelleys dnsmasq *

CVE-2021-3448 MEDIUM

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 4.0 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N 2.2 1.4

CVSS 2.0

Severity: MEDIUM

Problem Type: CWE-358, NVD-CWE-Other

Products Affected

Vendor Product Version
fedoraproject fedora 33
redhat enterprise_linux 8.0
fedoraproject fedora 34
oracle communications_cloud_native_core_network_function_cloud_native_environment 1.9.0
fedoraproject fedora 32
thekelleys dnsmasq *

CVE-2021-45951 HIGH

Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
thekelleys dnsmasq 2.86

CVE-2021-45952 HIGH

Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
thekelleys dnsmasq 2.86

CVE-2021-45953 HIGH

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
thekelleys dnsmasq 2.86

CVE-2021-45954 HIGH

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
thekelleys dnsmasq 2.86

CVE-2021-45955 HIGH

Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
thekelleys dnsmasq 2.86

CVE-2021-45956 HIGH

Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
thekelleys dnsmasq 2.86

CVE-2021-45957 HIGH

Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge."

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 9.8 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H 3.9 5.9

CVSS 2.0

Severity: HIGH

Problem Type: CWE-787

Products Affected

Vendor Product Version
thekelleys dnsmasq 2.86

CVE-2022-0934

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq to potentially cause a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
redhat enterprise_linux 8.0
redhat enterprise_linux 9.0
thekelleys dnsmasq *

CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
thekelleys dnsmasq *

CVE-2023-49441

dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.

Products Affected

Vendor Product Version
thekelleys dnsmasq 2.9

CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
fedoraproject fedora 39
nic knot_resolver *
microsoft windows_server_2008 r2
thekelleys dnsmasq *
powerdns recursor *
redhat enterprise_linux 6.0
redhat enterprise_linux 8.0
microsoft windows_server_2022_23h2 -
microsoft windows_server_2016 -
microsoft windows_server_2012 r2
microsoft windows_server_2019 -
redhat enterprise_linux 7.0
isc bind *
nlnetlabs unbound *
microsoft windows_server_2022 -
microsoft windows_server_2012 -