CVE-2012-3411Improper Input Validation in Dnsmasq

CWE-20Improper Input Validation13 documents8 sources
Severity
5.0MEDIUMNVD
EPSS
0.9%
top 24.64%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Thekelleys DnsmasqRedhat Enterprise Linux DesktopRedhat Enterprise Linux Server+1 more
Timeline
PublishedMar 5
Latest updateMay 13

Description

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages5 packages

Debianthekelleys/dnsmasq< 2.63-1+3

Patches

Patch: bugzilla.redhat.comPatch: bugzilla.redhat.com

🔴Vulnerability Details

3
GHSA
GHSA-gj79-j4q7-5h4x: Dnsmasq before 22022-05-13
OSV
CVE-2012-3411: Dnsmasq before 22013-03-05
CVEList
CVE-2012-3411: Dnsmasq before 22013-03-04

📋Vendor Advisories

3
Juniper
CVE-2014-3411: Unspecified vulnerability in the NSM XDB service in Juniper NSM before 2012.2R8 allows remote attackers to execute arbitrary code via unspecified vect2014-05-19
Red Hat
libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks2012-07-09
Debian
CVE-2012-3411: dnsmasq - Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies...2012

💬Community

6
Bugzilla
CVE-2013-0198 dnsmasq: Incomplete fix for the CVE-2012-3411 issue [fedora-all]2013-01-18
Bugzilla
CVE-2013-0198 dnsmasq: Incomplete fix for the CVE-2012-3411 issue2013-01-11
Bugzilla
CVE-2012-3411 libvirt needs to use new dnsmasq option to avoid open DNS proxy [fedora-all]2012-11-30
Bugzilla
CVE-2012-3411 libvirt needs to use new dnsmasq option to avoid open DNS proxy2012-11-08
Bugzilla
CVE-2012-3411 dnsmasq: When run under libvirt open DNS proxy (reachable also out of the virtual network set for the guest domain) is created [fedora-all]2012-07-09
CVE-2012-3411 — Improper Input Validation in Dnsmasq | cvebase