dnsmasq

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Lightweight, easy to configure DNS forwarder and DHCP server
Version 2.86-1 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-1703 2.84-1 2.85-1 Medium Fixed
AVG-1470 2.82-2 2.83-1 High Fixed
AVG-592 2.78-1 2.78-2 Medium Fixed
AVG-421 2.77-1 2.78-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2021-3448 AVG-1703 Medium Yes Content spoofing
A security issue was found in dnsmasq before version 2.85. When configured with --server=<address>@<interface> or similar (e.g. through dbus), dnsmasq...
CVE-2020-25687 AVG-1470 Medium Yes Denial of service
A heap-based buffer overflow was discovered in dnsmasq before version 2.83 when DNSSEC is enabled and before it validates the received DNS entries. A remote...
CVE-2020-25686 AVG-1470 Medium Yes Insufficient validation
A flaw was found when receiving a query, where dnsmasq before version 2.83 does not check for an existing pending request for the same name and forwards a...
CVE-2020-25685 AVG-1470 Medium Yes Insufficient validation
When getting a reply from a forwarded query, dnsmasq before version 2.83 checks in forward.c:reply_query() which one is the forwarded query that matches the...
CVE-2020-25684 AVG-1470 Medium Yes Insufficient validation
A flaw was found when getting a reply from a forwarded query, where dnsmasq before version 2.83 checks in forward.c:reply_query() if the reply destination...
CVE-2020-25683 AVG-1470 Medium Yes Denial of service
A heap-based buffer overflow was discovered in dnsmasq before version 2.83 when DNSSEC is enabled and before it validates the received DNS entries. A remote...
CVE-2020-25682 AVG-1470 High Yes Arbitrary code execution
A buffer overflow vulnerability was discovered in the way dnsmasq before version 2.83 extract names from DNS packets before validating them with DNSSEC...
CVE-2020-25681 AVG-1470 High Yes Arbitrary code execution
A heap-based buffer overflow was discovered in dnsmasq before version 2.83 in the way it sorts RRSets before validating them with DNSSEC data. An attacker...
CVE-2017-15107 AVG-592 Medium Yes Insufficient validation
A vulnerability was found in Dnsmasq's implementation of DNSSEC before 2.79. Wildcard synthesized NSEC records could be improperly interpreted to prove the...
CVE-2017-14496 AVG-421 High Yes Denial of service
An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which...
CVE-2017-14495 AVG-421 High Yes Denial of service
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which...
CVE-2017-14494 AVG-421 Medium Yes Information disclosure
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it...
CVE-2017-14493 AVG-421 Critical Yes Arbitrary code execution
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would...
CVE-2017-14492 AVG-421 Critical Yes Arbitrary code execution
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send...
CVE-2017-14491 AVG-421 Critical Yes Arbitrary code execution
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which...

Advisories

Date Advisory Group Severity Type
20 Jan 2021 ASA-202101-38 AVG-1470 High multiple issues
30 Jan 2018 ASA-201801-32 AVG-592 Medium insufficient validation
02 Oct 2017 ASA-201710-1 AVG-421 Critical multiple issues