A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However in some code execution paths it is possible extract_name() gets passed an offset from the base buffer thus reducing in practice the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

🗓️ 29 Jan 2021 08:00:00Reported by MicrosoftType

Buffer overflow in dnsmasq before 2.83 enables remote code execution via crafted DNS replies in extract name.

Reporter	Title	Published	Views	Family All 149
FreeBSD	dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities	16 Sep 202000:00	–	freebsd
ALT Linux	Security fix for the ALT Linux 10 package dnsmasq version 2.83-alt1	22 Jan 202100:00	–	altlinux
Tenable Nessus	Alibaba Cloud Linux 3 : 0009: dnsmasq (ALINUX3-SA-2021:0009)	14 May 202500:00	–	nessus
Tenable Nessus	CentOS 8 : dnsmasq (CESA-2021:0150)	29 Jan 202100:00	–	nessus
Tenable Nessus	Debian DLA-2604-1 : dnsmasq security update	23 Mar 202100:00	–	nessus
Tenable Nessus	Debian DSA-4844-1 : dnsmasq - security update	5 Feb 202100:00	–	nessus
Tenable Nessus	dnsmasq < 2.83 Multiple Vulnerabilities (DNSPOOQ)	19 Jan 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2021-1138)	1 Feb 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1244)	5 Feb 202100:00	–	nessus
Tenable Nessus	EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1263)	5 Feb 202100:00	–	nessus