Thekelleys

Dnsmasq

39 Schwachstellen gefunden.

Hinweis: Diese Liste kann unvollständig sein. Daten werden ohne Gewähr im Ursprungsformat bereitgestellt.
  • EPSS 0.24%
  • Veröffentlicht 23.06.2026 13:28:56
  • Zuletzt bearbeitet 08.07.2026 15:10:14

An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record ...

  • EPSS 0.4%
  • Veröffentlicht 22.06.2026 13:55:05
  • Zuletzt bearbeitet 08.07.2026 15:10:32

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logg...

Exploit
  • EPSS 0.66%
  • Veröffentlicht 06.06.2024 22:15:09
  • Zuletzt bearbeitet 14.03.2025 16:15:27

dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.

Medienbericht
  • EPSS 100%
  • Veröffentlicht 14.02.2024 16:15:45
  • Zuletzt bearbeitet 04.11.2025 19:16:14

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that,...

  • EPSS 1.33%
  • Veröffentlicht 15.03.2023 21:15:09
  • Zuletzt bearbeitet 03.11.2025 22:16:06

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

  • EPSS 1.49%
  • Veröffentlicht 29.08.2022 15:15:10
  • Zuletzt bearbeitet 03.11.2025 22:15:55

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.

Exploit
  • EPSS 2.59%
  • Veröffentlicht 01.01.2022 00:15:08
  • Zuletzt bearbeitet 21.11.2024 06:33:21

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

Exploit
  • EPSS 2.59%
  • Veröffentlicht 01.01.2022 00:15:08
  • Zuletzt bearbeitet 21.11.2024 06:33:20

Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities,...

Exploit
  • EPSS 2.59%
  • Veröffentlicht 01.01.2022 00:15:08
  • Zuletzt bearbeitet 21.11.2024 06:33:20

Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

Exploit
  • EPSS 2.59%
  • Veröffentlicht 01.01.2022 00:15:08
  • Zuletzt bearbeitet 21.11.2024 06:33:21

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge...