CVE-2008-3350
published 2008-07-28CVE-2008-3350: dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to…
PriorityP419medium5CVSS 2.0
AVNACLAuNCNINAP
EPSS
1.69%
74.2th percentile
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
Affected
6 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dnsmasq | < dnsmasq 2.44-1 (bookworm) | dnsmasq 2.44-1 (bookworm) |
| the_kelleys | dnsmasq | — | — |
| thekelleys | dnsmasq | >= 0 < 2.44-1 | 2.44-1 |
| thekelleys | dnsmasq | >= 0 < 2.44-1 | 2.44-1 |
| thekelleys | dnsmasq | >= 0 < 2.44-1 | 2.44-1 |
| thekelleys | dnsmasq | >= 0 < 2.44-1 | 2.44-1 |
CVSS provenance
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:N/I:N/A:P
osv7.8HIGH
vendor_debian7.8LOW
vendor_redhat7.8HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
GHSA
GHSA-8w5w-hcg8-56w5: dnsmasq 2
ghsa_unreviewed·2022-05-01·CVSS 7.8
CVE-2008-3350 [HIGH] GHSA-8w5w-hcg8-56w5: dnsmasq 2
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
OSV
CVE-2008-3350: dnsmasq 2
osv·2008-07-28·CVSS 7.8
CVE-2008-3350 [HIGH] CVE-2008-3350: dnsmasq 2
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
Debian
CVE-2008-3350: dnsmasq - dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash)...
vendor_debian·2008·CVSS 7.8
CVE-2008-3350 [HIGH] CVE-2008-3350: dnsmasq - dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash)...
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
Scope: local
bookworm: resolved (fixed in 2.44-1)
bullseye: resolved (fixed in 2.44-1)
forky: resolved (fixed in 2.44-1)
sid: resolved (fixed in 2.44-1)
trixie: resolved (fixed in 2.44-1)
Red Hat
CVE-2008-3350: dnsmasq 2
vendor_redhat·CVSS 7.8
CVE-2008-3350 [HIGH] CVE-2008-3350: dnsmasq 2
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.
Statement: Not vulnerable. These issues did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189http://secunia.com/advisories/31197http://www.thekelleys.org.uk/dnsmasq/CHANGELOGhttp://www.vupen.com/english/advisories/2008/2166https://exchange.xforce.ibmcloud.com/vulnerabilities/43957https://exchange.xforce.ibmcloud.com/vulnerabilities/43960http://article.gmane.org/gmane.network.dns.dnsmasq.general/2189http://secunia.com/advisories/31197http://www.thekelleys.org.uk/dnsmasq/CHANGELOGhttp://www.vupen.com/english/advisories/2008/2166https://exchange.xforce.ibmcloud.com/vulnerabilities/43957https://exchange.xforce.ibmcloud.com/vulnerabilities/43960
2008-07-28
Published