In dnsmasq prior to 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat enterprise linux desktop 7.0 |
||
redhat enterprise linux workstation 7.0 |
||
redhat enterprise linux server 7.0 |
||
debian debian linux 7.1 |
||
novell leap 42.2 |
||
debian debian linux 7.0 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
canonical ubuntu linux 17.04 |
||
debian debian linux 9.0 |
||
fedoraproject fedora 27 |
||
novell leap 42.3 |
||
thekelleys dnsmasq |