CVE-2015-3294 — Unchecked Return Value in Dnsmasq

CWE-19 CWE-252 — Unchecked Return Value8 documents8 sources

Severity

6.4MEDIUMNVD

EPSS

0.2%

top 59.84%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Thekelleys Dnsmasq Oracle Solaris

Timeline

PublishedMay 8

Latest updateMay 14

Description

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

CVSS vector

AV:N/AC:L/C:P/I:N/A:PExploitability: 10.0 | Impact: 4.9

Affected Packages3 packages

▶Debianthekelleys/dnsmasq< 2.72-3.1+3

▶NVDthekelleys/dnsmasq2.73

▶NVDoracle/solaris11.2

🔴Vulnerability Details

GHSA

GHSA-68qg-cgxp-wxcf: The tcp_request function in Dnsmasq before 2↗2022-05-14

▶

CVEList

CVE-2015-3294: The tcp_request function in Dnsmasq before 2↗2015-05-08

▶

OSV

CVE-2015-3294: The tcp_request function in Dnsmasq before 2↗2015-05-08

▶

📋Vendor Advisories

Ubuntu

Dnsmasq vulnerability↗2015-05-04

▶

Red Hat

dnsmasq: unchecked return value of the setup_reply() function↗2015-04-23

▶

Debian

CVE-2015-3294: dnsmasq - The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the ...↗2015

▶

💬Community

Bugzilla

CVE-2015-3294 dnsmasq: unchecked return value of the setup_reply() function↗2015-04-27

▶