A heap-based buffer overflow was discovered in dnsmasq before version 2.83 in the way it sorts RRSets before validating them with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine.
A heap-based buffer overflow was discovered in dnsmasq before version 2.83 in the way it sorts RRSets before validating them with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine.
https://www.openwall.com/lists/oss-security/2021/01/19/1 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html https://www.jsof-tech.com/disclosures/dnspooq/ https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a