Dnsmasq prior to 2.21 allows remote malicious users to poison the DNS cache via answers to queries that were not made by Dnsmasq.
thekelleys dnsmasq