Public exploit available
Public proof-of-concept or exploit code exists (ExploitDB / Metasploit / Nuclei).

CVE-2009-2957Improper Restriction of Operations within the Bounds of a Memory Buffer in Dnsmasq

CWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents9 sources
Severity
6.8MEDIUMNVD
EPSS
8.5%
top 7.60%
CISA KEV
Not in KEV
Exploit
PoC available
Public exploit / PoC exists
Affected products
1
Thekelleys Dnsmasq
Timeline
PublishedSep 2
Latest updateMay 2

Description

Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages2 packages

Debianthekelleys/dnsmasq< 2.50-1+3
NVDthekelleys/dnsmasq2.49+75

Patches

Patch: www.coresecurity.comPatch: www.securityfocus.comPatch: www.coresecurity.com

🔴Vulnerability Details

3
GHSA
GHSA-3wv8-c9pw-2c36: Heap-based buffer overflow in the tftp_request function in tftp2022-05-02
OSV
CVE-2009-2957: Heap-based buffer overflow in the tftp_request function in tftp2009-09-02
CVEList
CVE-2009-2957: Heap-based buffer overflow in the tftp_request function in tftp2009-09-02

💥Exploits & PoCs

1
Exploit-DB
Dnsmasq < 2.50 - Heap Overflow / Null Pointer Dereference2009-09-09

📋Vendor Advisories

3
Ubuntu
Dnsmasq vulnerabilities2009-09-01
Red Hat
dnsmasq: multiple vulnerabilities in TFTP server2009-08-31
Debian
CVE-2009-2957: dnsmasq - Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq bef...2009

💬Community

1
Bugzilla
CVE-2009-2957, CVE-2009-2958 dnsmasq: multiple vulnerabilities in TFTP server2009-08-24
CVE-2009-2957 — Thekelleys Dnsmasq vulnerability | cvebase