Integer underflow in the add_pseudoheader function in dnsmasq prior to 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote malicious users to cause a denial of service via a crafted DNS request.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
redhat enterprise linux desktop 7.0 |
||
google android 7.1.2 |
||
redhat enterprise linux workstation 7.0 |
||
google android 5.0.2 |
||
redhat enterprise linux server 7.0 |
||
google android 6.0.1 |
||
google android 6.0 |
||
debian debian linux 7.1 |
||
novell leap 42.2 |
||
google android 4.4.4 |
||
debian debian linux 7.0 |
||
google android 7.0 |
||
canonical ubuntu linux 16.04 |
||
canonical ubuntu linux 14.04 |
||
google android 8.0 |
||
google android 5.1.1 |
||
canonical ubuntu linux 17.04 |
||
debian debian linux 9.0 |
||
google android 7.1.1 |
||
novell leap 42.3 |
||
thekelleys dnsmasq |
There's a nasty bug in media file handling – deja vu, right?
Another month, another round of Android patches – although October's batch is pleasantly small compared to other recent releases. Of the 14 CVE flaws released, six cover Android's troubled media processing and playback engine. This means miscreants can fling malicious files at devices to potentially hijack them. The privilege escalation bugs can be used by dodgy apps to gain control of handsets and tablets. There's also a remote-code execution flaw in the Dnsmasq tool used by Android. Details ...