No description is available for this CVE.
The flaw can be prevented by removing `--server=<address>@<interface>` option or by removing the directive `server=<address>@<interface>`. If dnsmasq is being run through NetworkManager, please be aware that NetworkManager automatically configures dnsmasq to use the `server=<address>@<interface>` directive, thus in this case the only way to prevent the flaw is to remove `dns=dnsmasq` from /etc/NetworkManager/NetworkManager.conf file.
If the `server=<address>@<interface>` must be kept active, the impact of this flaw can be reduced by disabling the dnsmasq cache by adding `--cache-size=0` when calling dnsmasq or by adding a line with `cache-size=0` to the dnsmasq configuration file (/etc/dnsmasq.conf by default). If dnsmasq is being run through NetworkManager, create a new file in /etc/NetworkManager/dnsmasq.d/ and add `cache-size=0` to it.
By disabling the cache, you may experience a performance loss in your environment due to all DNS queries being forwarded to the upstream servers. Please evaluate if the mitigation is appropriate for the system’s environment before applying.
Vulmon