CVE-2023-28450
published 2023-03-15CVE-2023-28450: An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
PriorityP335high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
EPSS
1.33%
67.6th percentile
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Affected
12 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dnsmasq | < dnsmasq 2.90-4~deb12u1 (bookworm) | dnsmasq 2.90-4~deb12u1 (bookworm) |
| msrc | cbl2_dnsmasq_2.89-2_on_cbl_mariner_2.0 | — | — |
| msrc | cm1_dnsmasq_2.85-2_on_cbl_mariner_1.0 | — | — |
| thekelleys | dnsmasq | < 2.90 | 2.90 |
| thekelleys | dnsmasq | >= 0 < 2.85-1+deb11u1 | 2.85-1+deb11u1 |
| thekelleys | dnsmasq | >= 0 < 2.90-4~deb12u1 | 2.90-4~deb12u1 |
| thekelleys | dnsmasq | >= 0 < 2.90-1 | 2.90-1 |
| thekelleys | dnsmasq | >= 0 < 2.90-1 | 2.90-1 |
| thekelleys | dnsmasq | >= 0 < 2.90-0ubuntu0.20.04.1 | 2.90-0ubuntu0.20.04.1 |
| thekelleys | dnsmasq | >= 0 < 2.90-0ubuntu0.22.04.1 | 2.90-0ubuntu0.22.04.1 |
| thekelleys | dnsmasq | >= 0 < 2.90-0ubuntu0.16.04.1+esm1 | 2.90-0ubuntu0.16.04.1+esm1 |
| thekelleys | dnsmasq | >= 0 < 2.90-0ubuntu0.18.04.1+esm1 | 2.90-0ubuntu0.18.04.1+esm1 |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH
vendor_debian7.5HIGH
vendor_msrc7.5HIGH
vendor_redhat7.5HIGH
vendor_ubuntu7.5HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
dnsmasq vulnerabilities
osv·2024-04-24·CVSS 7.5
CVE-2023-50387 [HIGH] dnsmasq vulnerabilities
dnsmasq vulnerabilities
USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Dnsmasq icorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Dnsmasq to consume
resources, leading to a denial of service. (CVE-2023-50387)
It was discovered that Dnsmasq incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service.
(CVE-2023-50868)
It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP
packet size as required by DNS
OSV
dnsmasq vulnerabilities
osv·2024-02-26·CVSS 7.5
CVE-2023-50387 [HIGH] dnsmasq vulnerabilities
dnsmasq vulnerabilities
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Dnsmasq icorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Dnsmasq to consume
resources, leading to a denial of service. (CVE-2023-50387)
It was discovered that Dnsmasq incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service.
(CVE-2023-50868)
It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP
packet size as required by DNS Flag Day 2020. This issue only affected
Ubuntu 23.10. (CVE-2023-28450)
OSV
CVE-2023-28450: An issue was discovered in Dnsmasq before 2
osv·2023-03-15·CVSS 7.5
CVE-2023-28450 [HIGH] CVE-2023-28450: An issue was discovered in Dnsmasq before 2
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
GHSA
GHSA-vgrx-vhjf-p7wv: An issue was discovered in Dnsmasq before 2
ghsa_unreviewed·2023-03-15
CVE-2023-28450 [HIGH] GHSA-vgrx-vhjf-p7wv: An issue was discovered in Dnsmasq before 2
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
CISA ICS
Siemens SCALANCE M-800 Family
cisa_ics·2024-11-14
Siemens SCALANCE M-800 Family
ICS Advisory
##
Siemens SCALANCE M-800 Family
Release DateNovember 14, 2024
Alert CodeICSA-24-319-06
Related topics:
Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
View CSAF
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE M-800 Family
- Vulnerabilities: Out-of-bounds Read, Missing Encryption of Sensitive Data, Integer Overflow or Wraparou
Ubuntu
Dnsmasq vulnerabilities
vendor_ubuntu·2024-04-24·CVSS 7.5
CVE-2023-50387 [HIGH] Dnsmasq vulnerabilities
Title: Dnsmasq vulnerabilities
Summary: Several security issues were fixed in Dnsmasq.
USN-6657-1 fixed several vulnerabilities in Dnsmasq. This update provides
the corresponding update for Ubuntu 16.04 LTS and Ubuntu 18.04 LTS.
Original advisory details:
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Dnsmasq icorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Dnsmasq to consume
resources, leading to a denial of service. (CVE-2023-50387)
It was discovered that Dnsmasq incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service.
(CVE-2023-50868)
It was discovered that Dnsmasq incor
Ubuntu
Dnsmasq vulnerabilities
vendor_ubuntu·2024-02-26·CVSS 7.5
CVE-2023-50387 [HIGH] Dnsmasq vulnerabilities
Title: Dnsmasq vulnerabilities
Summary: Several security issues were fixed in Dnsmasq.
Elias Heftrig, Haya Schulmann, Niklas Vogel, and Michael Waidner discovered
that Dnsmasq icorrectly handled validating DNSSEC messages. A remote
attacker could possibly use this issue to cause Dnsmasq to consume
resources, leading to a denial of service. (CVE-2023-50387)
It was discovered that Dnsmasq incorrectly handled preparing an NSEC3
closest encloser proof. A remote attacker could possibly use this issue to
cause Dnsmasq to consume resources, leading to a denial of service.
(CVE-2023-50868)
It was discovered that Dnsmasq incorrectly set the maximum EDNS.0 UDP
packet size as required by DNS Flag Day 2020. This issue only affected
Ubuntu 23.10. (CVE-2023-28450)
Instructions: This update uses a n
Ubuntu
Dnsmasq vulnerability
vendor_ubuntu·2023-04-20
CVE-2023-28450 Dnsmasq vulnerability
Title: Dnsmasq vulnerability
Summary: Dnsmasq could cause transmission reliability issues when
sending large DNS messages.
It was discovered that Dnsmasq was sending large DNS messages
over UDP, possibly causing transmission failures due to IP
fragmentation. This update lowers the default maximum size of
DNS messages to improve transmission reliability over UDP.
Instructions: After a standard system update you need to reboot your computer to make
all the necessary changes.
Red Hat
dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232
vendor_redhat·2023-03-15·CVSS 7.5
CVE-2023-28450 [HIGH] CWE-770 dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232
dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Statement: The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a theoretical disruption of the availability of the service, but doesn’t directly compromise data integrity or confidentiality. This theoretical disruption would require an attacker to be able to induce IP fragmentation during transmission and can be mitigated with a simple configuration change
Microsoft
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
vendor_msrc·2023-03-14·CVSS 7.5
CVE-2023-28450 [HIGH] An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our customers who choose to use the Azure Linux distro is the commitment to keep it up to date with the most recent and most secure versions of the open source libraries with which the distro is composed. Microsoft is committed to transparency in this work which is why we began publishing CSAF/VEX in October 2025. See this blog post for more information. If impact to additional products is identified, we will update the CVE to reflect this.
Mariner: Mariner
mitr
Debian
CVE-2023-28450: dnsmasq - An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP p...
vendor_debian·2023·CVSS 7.5
CVE-2023-28450 [HIGH] CVE-2023-28450: dnsmasq - An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP p...
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Scope: local
bookworm: resolved (fixed in 2.90-4~deb12u1)
bullseye: resolved (fixed in 2.85-1+deb11u1)
forky: resolved (fixed in 2.90-1)
sid: resolved (fixed in 2.90-1)
trixie: resolved (fixed in 2.90-1)
No detection rules found.
No public exploits indexed.
https://capec.mitre.org/data/definitions/495.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/https://thekelleys.org.uk/dnsmasq/doc.htmlhttps://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOGhttps://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5https://capec.mitre.org/data/definitions/495.htmlhttps://lists.debian.org/debian-lts-announce/2024/11/msg00035.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/https://thekelleys.org.uk/dnsmasq/doc.htmlhttps://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOGhttps://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
2023-03-15
Published