Vulmon
Recent Vulnerabilities
Research Posts
Trends
Blog
About
Contact
Vulmon Alerts
By Relevance
By Risk Score
By Publish Date
thekelleys dnsmasq vulnerabilities and exploits
(subscribe to this query)
7.5
CVSSv2
CVE-2021-45954
Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
Thekelleys Dnsmasq 2.86
7.5
CVSSv2
CVE-2021-45955
Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do n...
Thekelleys Dnsmasq 2.86
7.5
CVSSv2
CVE-2021-45956
Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
Thekelleys Dnsmasq 2.86
7.5
CVSSv2
CVE-2021-45957
Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
Thekelleys Dnsmasq 2.86
4.3
CVSSv2
CVE-2019-14834
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote malicious users to cause a denial of service (memory consumption) via vectors involving DHCP response creation.
Thekelleys Dnsmasq
Fedoraproject Fedora 31
6.4
CVSSv2
CVE-2015-3294
The tcp_request function in Dnsmasq prior to 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote malicious users to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
Thekelleys Dnsmasq
Oracle Solaris 11.2
5
CVSSv2
CVE-2019-14513
Improper bounds checking in Dnsmasq prior to 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.
Thekelleys Dnsmasq
Debian Debian Linux 8.0
1 Github repository
NA
CVE-2022-0934
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
Thekelleys Dnsmasq
Redhat Enterprise Linux 8.0
Redhat Enterprise Linux 9.0
5
CVSSv2
CVE-2015-8899
Dnsmasq prior to 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
Canonical Ubuntu Linux 16.04
Canonical Ubuntu Linux 15.10
Thekelleys Dnsmasq
5
CVSSv2
CVE-2012-3411
Dnsmasq prior to 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote malicious users to cause a denial of service (traffic amplification) via a spoofed DNS query.
Thekelleys Dnsmasq
Redhat Enterprise Linux Desktop 6.0
Redhat Enterprise Linux Server 6.0
Redhat Enterprise Linux Workstation 6.0
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-21991
CVE-2024-32674
path traversal
CVE-2023-21987
denial of service
dos
CVE-2024-4647
CVE-2024-25519
CVE-2024-33612
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started
« PREV
1
2
3
4
NEXT »