Unrated severityNVD Advisory· Published May 8, 2015· Updated Jun 17, 2026
CVE-2015-3294
CVE-2015-3294
Description
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
14cpe:2.3:a:thekelleys:dnsmasq:*:rc3:*:*:*:*:*:*+ 1 more
- cpe:2.3:a:thekelleys:dnsmasq:*:rc3:*:*:*:*:*:*range: <=2.73
- (no CPE)range: <2.73rc4
- cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
- osv-coords11 versionspkg:rpm/opensuse/dnsmasq&distro=openSUSE%20Tumbleweedpkg:rpm/suse/dnsmasq&distro=SUSE%20Cloud%20Compute%20Node%20for%20SUSE%20Linux%20Enterprise%2012%205pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Desktop%2012pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Point%20of%20Sale%2011%20SP3pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-LTSSpkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP3-TERADATApkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2011%20SP4pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2012pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2012-LTSSpkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2011%20SP4pkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012
< 2.76-1.3+ 10 more
- (no CPE)range: < 2.76-1.3
- (no CPE)range: < 2.71-4.1
- (no CPE)range: < 2.71-4.1
- (no CPE)range: < 2.78-0.16.5.1
- (no CPE)range: < 2.78-0.16.5.1
- (no CPE)range: < 2.78-0.16.5.1
- (no CPE)range: < 2.78-0.17.5.1
- (no CPE)range: < 2.71-4.1
- (no CPE)range: < 2.78-6.6.1
- (no CPE)range: < 2.78-0.17.5.1
- (no CPE)range: < 2.71-4.1
Patches
Vulnerability mechanics
References
11- lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.htmlnvdExploit
- lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.htmlnvdThird Party Advisory
- www.debian.org/security/2015/dsa-3251nvdVendor Advisory
- www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.htmlnvdThird Party Advisory
- www.ubuntu.com/usn/USN-2593-1nvdVendor Advisory
- lists.opensuse.org/opensuse-updates/2015-05/msg00013.htmlnvd
- thekelleys.org.uk/gitweb/nvd
- www.securityfocus.com/archive/1/535354/100/1100/threadednvd
- www.securityfocus.com/bid/74452nvd
- www.securitytracker.com/id/1032195nvd
- security.gentoo.org/glsa/201512-01nvd
News mentions
0No linked articles in our index yet.