9.8

CVE-2021-45957

Exploit
Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ThekelleysDnsmasq Version2.86
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 2.45% 0.822
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 9.8 3.9 5.9
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
nvd@nist.gov 7.5 10 6.4
AV:N/AC:L/Au:N/C:P/I:P/A:P
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016162.html
Third Party Advisory
Mailing List
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html
Third Party Advisory
Mailing List
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920
Third Party Advisory
Exploit
Issue Tracking
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml
Third Party Advisory