VYPR

Dnsmasq

by Thekelleys

CVEs (48)

  • CVE-2019-14513Aug 1, 2019
    risk 0.00cvss epss 0.02

    Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

  • CVE-2015-3294May 8, 2015
    risk 0.00cvss epss 0.04

    The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

  • CVE-2013-0198Mar 5, 2013
    risk 0.00cvss epss 0.03

    Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because…

  • CVE-2012-3411Mar 5, 2013
    risk 0.00cvss epss 0.05

    Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

  • CVE-2008-3350Jul 28, 2008
    risk 0.00cvss epss 0.02

    dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or (2) attempting to renew a nonexistent DHCP lease for an invalid subnet as an "unknown client," a different vulnerability than CVE-2008-3214.

  • CVE-2008-3214Jul 18, 2008
    risk 0.00cvss epss 0.03

    dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.

  • CVE-2006-2017Apr 25, 2006
    risk 0.00cvss epss 0.02

    Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.

  • CVE-2005-0876May 2, 2005
    risk 0.00cvss epss 0.03

    Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file.

Page 3 of 3