FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

dnsmasq -- data exposure and denial of service

Affected packages
dnsmasq < 2.72_1
dnsmasq-devel < 2.73rc4


VuXML ID 37569eb7-0125-11e5-9d98-080027ef73ec
Discovery 2015-04-07
Entry 2015-05-23

Nick Sampanis reported a potential memory exposure and denial of service vulnerability against dnsmasq 2.72. The CVE entry summarizes this as:

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request."


CVE Name CVE-2015-3294