7.5
CVE-2015-8899
- EPSS 2.42%
- Veröffentlicht 30.06.2016 17:59:00
- Zuletzt bearbeitet 06.05.2026 22:30:45
- Quelle security@ubuntu.com
- CVE-Watchlists
- Unerledigt
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Canonical ≫ Ubuntu Linux Version15.10
Canonical ≫ Ubuntu Linux Version16.04 SwEditionlts
Thekelleys ≫ Dnsmasq Version <= 2.75
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 2.42% | 0.82 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 7.5 | 3.9 | 3.6 |
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
|
| nvd@nist.gov | 5 | 10 | 2.9 |
AV:N/AC:L/Au:N/C:N/I:N/A:P
|
CWE-20 Improper Input Validation
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010505.html
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=41a8d9e99be9f2cc8b02051dd322cb45e0faac87
http://www.openwall.com/lists/oss-security/2016/06/03/7
http://www.openwall.com/lists/oss-security/2016/06/04/2
http://www.securityfocus.com/bid/91031
http://www.securitytracker.com/id/1036045
http://www.ubuntu.com/usn/USN-3009-1