dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker
A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially...