Lucene search

K
cvelistRedhatCVELIST:CVE-2021-3448
HistoryApr 08, 2021 - 10:06 p.m.

CVE-2021-3448

2021-04-0822:06:45
CWE-358
redhat
www.cve.org

4.6 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

60.5%

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

CNA Affected

[
  {
    "product": "dnsmasq",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "dnsmasq 2.85"
      }
    ]
  }
]