Lucene search

K
alpinelinuxAlpine Linux Development TeamALPINE:CVE-2021-45955
HistoryJan 01, 2022 - 12:15 a.m.

CVE-2021-45955

2022-01-0100:15:00
Alpine Linux Development Team
security.alpinelinux.org
11

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

50.4%

DISPUTED Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor’s position is that CVE-2021-45951 through CVE-2021-45957 “do not represent real vulnerabilities, to the best of our knowledge.” However, a contributor states that a security patch (mentioned in 016162.html) is needed.

OSVersionArchitecturePackageVersionFilename
Alpineedge-mainnoarchdnsmasq= 2.86-r2UNKNOWN
Alpine3.15-mainnoarchdnsmasq= 2.86-r1UNKNOWN
Alpine3.16-mainnoarchdnsmasq= 2.86-r2UNKNOWN

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

0.001 Low

EPSS

Percentile

50.4%