CVE-2017-15107 - log back

CVE-2017-15107 created at 25 Sep 2019 19:31:40
Severity
+ Medium
Remote
+ Remote
Type
+ Insufficient validation
Description
+ A vulnerability was found in Dnsmasq's implementation of DNSSEC before 2.79. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.
References
+ http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4fe6744a220eddd3f1749b40cac3dfc510787de6
+ http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
Notes
+ Requires DNSSEC support to be vulnerable