CVE-2017-15107 log

Source	CVE Red Hat MITRE NVD Debian Ubuntu SUSE Alpine Mageia CVE Details CIRCL Bugs Arch Linux Red Hat Gentoo SUSE GitHub Lists oss-security full-disclosure bugtraq Misc GitHub code web search
Severity	Medium
Remote	Yes
Type	Insufficient validation
Description	A vulnerability was found in Dnsmasq's implementation of DNSSEC before 2.79. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

Group	Package	Affected	Fixed	Severity	Status	Ticket
AVG-592	dnsmasq	2.78-1	2.78-2	Medium	Fixed

Date	Advisory	Group	Package	Severity	Type
30 Jan 2018	ASA-201801-32	AVG-592	dnsmasq	Medium	insufficient validation

References
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6 http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html

Notes
Requires DNSSEC support to be vulnerable