CVE-2023-49441
Published 2024-06-06
CVE-2023-49441: dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
Priority: P336 high
CVSS 3.1: 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS: 0.66% (46.8th percentile)
Affected
5 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | dnsmasq | < dnsmasq 2.90-1 (bookworm) | dnsmasq 2.90-1 (bookworm) |
| thekelleys | dnsmasq | — | — |
| thekelleys | dnsmasq | >= 0 < 2.90-1 | 2.90-1 |
| thekelleys | dnsmasq | >= 0 < 2.90-1 | 2.90-1 |
| thekelleys | dnsmasq | >= 0 < 2.90-1 | 2.90-1 |
CVSS provenance
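| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | LOW | |
| vendor_redhat | | 7.5 | HIGH | |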
GHSA
GHSA-wh73-785p-7wcf: dnsmasq 2
ghsa_unreviewed·2024-06-07
CVE-2023-49441 [HIGH] CWE-190 GHSA-wh73-785p-7wcf: dnsmasq 2
dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
OSV
CVE-2023-49441: dnsmasq 2
osv·2024-06-06·CVSS 7.5
CVE-2023-49441 [HIGH] CVE-2023-49441: dnsmasq 2
dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
CISA ICS
Siemens SCALANCE M-800 Family
cisa_ics·2024-11-14
ICS Advisory
## Siemens SCALANCE M-800 Family
Release Date: November 14, 2024
Alert Code: ICSA-24-319-06
Related topics: Industrial Control System Vulnerabilities, Industrial Control Systems
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories (CERT Services | Services | Siemens Global).
## 1. EXECUTIVE SUMMARY
- CVSS v4 8.6
- ATTENTION: Exploitable remotely/low attack complexity
- Vendor: Siemens
- Equipment: SCALANCE M-800 Family
- Vulnerabilities: Out-of-bounds Read, Missing Encryption of Sensitive Data, Integer Overflow or Wraparou
Red Hat
dnsmasq: vulnerable to Integer Overflow via forward_query
vendor_redhat·2024-06-06·CVSS 7.5
CVE-2023-49441 [HIGH] CWE-190 dnsmasq: vulnerable to Integer Overflow via forward_query
dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
A flaw was found in dnsmasq version 2.9. This vulnerability is due to an integer overflow via forward_query.
Package: dnsmasq (Red Hat Enterprise Linux 10) - Not affected
Package: dnsmasq (Red Hat Enterprise Linux 6) - Not affected
Package: dnsmasq (Red Hat Enterprise Linux 7) - Not affected
Package: dnsmasq (Red Hat Enterprise Linux 8) - Not affected
Package: dnsmasq (Red Hat Enterprise Linux 9) - Not affected
Debian
CVE-2023-49441: dnsmasq - dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
vendor_debian·2023·CVSS 7.5
CVE-2023-49441 [HIGH] CVE-2023-49441: dnsmasq - dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
Scope: local
bookworm: resolved (fixed in 2.90-1)
bullseye: open
forky: resolved (fixed in 2.90-1)
sid: resolved (fixed in 2.90-1)
trixie: resolved (fixed in 2.90-1)
No detection rules found.
No public exploits indexed.
References
- https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2023q4/017332.html
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=65c2d6afd67a032f45f40d7e4d620f5d73e5f07d
Published: 2024-06-06