Thekelleys Dnsmasq vulnerabilities

CVE-2020-25684 [LOW] CWE-358 CVE-2020-25684: A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmas A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an atta

CVE-2020-25686 [LOW] CVE-2020-25686: A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to

CVE-2019-14834 [LOW] CWE-770 CVE-2019-14834: A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attack A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.

CVE-2019-14513 [HIGH] CVE-2019-14513: Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send lar Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

CVE-2017-15107 [HIGH] CWE-358 CVE-2017-15107: A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildc A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.

CVE-2017-14491 [CRITICAL] CWE-787 CVE-2017-14491: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of servi Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.

CVE-2017-14493 [CRITICAL] CWE-119 CVE-2017-14493: Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of serv Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.

CVE-2017-14492 [CRITICAL] CWE-119 CVE-2017-14492: Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of servi Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.

CVE-2017-14496 [HIGH] CWE-191 CVE-2017-14496: Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --ad Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.

CVE-2017-13704 [HIGH] CWE-20 CVE-2017-13704: In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.

CVE-2017-14495 [HIGH] CWE-772 CVE-2017-14495: Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is speci Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.

CVE-2017-14494 [MEDIUM] CWE-200 CVE-2017-14494: dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.

CVE-2015-8899 [HIGH] CWE-20 CVE-2015-8899: Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an e Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

CVE-2015-3294 [MEDIUM] CWE-19 CVE-2015-3294: The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

CVE-2012-3411 [MEDIUM] CWE-20 CVE-2012-3411: Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from pr Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

CVE-2013-0198 [MEDIUM] CVE-2013-0198: Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from pro Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.

CVE-2009-2958 [MEDIUM] CWE-399 CVE-2009-2958: The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remot The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.

CVE-2009-2957 [MEDIUM] CWE-119 CVE-2009-2957: Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --ena Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.

CVE-2008-3350 [HIGH] CVE-2008-3350: dnsmasq 2 dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.

CVE-2008-3214 [HIGH] CWE-20 CVE-2008-3214: dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a n dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.