Dnsmasq - Vulncode-DB

Note:

This project will be discontinued after December 13, 2021. [more]

Product:
Dnsmasq
(Thekelleys)

Repositories	Unknown: This might be proprietary software.
#Vulnerabilities	37

Date	Id	Summary	Products	Score	Patch	Annotated
2016-06-30	CVE-2015-8899	Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.	Ubuntu_linux, Dnsmasq	7.5
2017-10-03	CVE-2017-14492	Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.	Ubuntu_linux, Debian_linux, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq	9.8
2017-10-03	CVE-2017-14496	Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.	Ubuntu_linux, Debian_linux, Android, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq	7.5
2017-10-03	CVE-2017-14493	Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.	Ubuntu_linux, Debian_linux, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq	9.8
2017-10-03	CVE-2017-14494	dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.	Ubuntu_linux, Debian_linux, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq	5.9
2017-10-03	CVE-2017-14495	Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.	Ubuntu_linux, Debian_linux, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq	7.5
2017-10-03	CVE-2017-13704	In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.	Ubuntu_linux, Debian_linux, Fedora, Leap, Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq	7.5
2019-08-01	CVE-2019-14513	Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.	Debian_linux, Dnsmasq	7.5
2013-03-05	CVE-2012-3411	Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.	Enterprise_linux_desktop, Enterprise_linux_server, Enterprise_linux_workstation, Dnsmasq	N/A
2020-01-07	CVE-2019-14834	A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.	Fedora, Dnsmasq	3.7