dnsmasq

Link package | bugs open | bugs closed | Wiki | GitHub | web search
Description Lightweight, easy to configure DNS forwarder and DHCP server
Version 2.80-2 [extra]

Resolved

Group Affected Fixed Severity Status Ticket
AVG-592 2.78-1 2.78-2 Medium Fixed
AVG-421 2.77-1 2.78-1 Critical Fixed
Issue Group Severity Remote Type Description
CVE-2017-15107 AVG-592 Medium Yes Insufficient validation
A vulnerability was found in Dnsmasq's implementation of DNSSEC before 2.79. Wildcard synthesized NSEC records could be improperly interpreted to prove the...
CVE-2017-14496 AVG-421 High Yes Denial of service
An integer underflow flaw leading to a buffer over-read was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets to dnsmasq which...
CVE-2017-14495 AVG-421 High Yes Denial of service
A memory exhaustion flaw was found in dnsmasq in the EDNS0 code. An attacker could send crafted DNS packets which would trigger memory allocations which...
CVE-2017-14494 AVG-421 Medium Yes Information disclosure
An information leak was found in dnsmasq in the DHCPv6 relay code. An attacker on the local network could send crafted DHCPv6 packets to dnsmasq causing it...
CVE-2017-14493 AVG-421 Critical Yes Arbitrary code execution
A stack buffer overflow was found in dnsmasq in the DHCPv6 code. An attacker on the local network could send a crafted DHCPv6 request to dnsmasq which would...
CVE-2017-14492 AVG-421 Critical Yes Arbitrary code execution
A heap buffer overflow was discovered in dnsmasq in the IPv6 router advertisement (RA) handling code. An attacker on the local network segment could send...
CVE-2017-14491 AVG-421 Critical Yes Arbitrary code execution
A heap buffer overflow was found in dnsmasq in the code responsible for building DNS replies. An attacker could send crafted DNS packets to dnsmasq which...

Advisories

Date Advisory Group Severity Description
30 Jan 2018 ASA-201801-32 AVG-592 Medium insufficient validation
02 Oct 2017 ASA-201710-1 AVG-421 Critical multiple issues