31 matches found
OSV-2021-931 Heap-buffer-overflow in extract_name
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861 Crash type: Heap-buffer-overflow WRITE 1 Crash state: extract_name answerauth FuzzAuth...
OSV-2021-929 Heap-buffer-overflow in extract_name
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858 Crash type: Heap-buffer-overflow WRITE 1 Crash state: extract_name hashquestions fuzzutil.c...
EulerOS Virtualization 3.0.6.6 : dnsmasq (EulerOS-SA-2021-1469)
According to the versions of the dnsmasq packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with...
EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1263)
According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with...
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker who can create valid DNS replies to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name() which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq resulting in a denial of service. The highest threat from this vulnerability is to system availability.
...
Arbitrary Code Execution
dnsmasq is vulnerable to arbitrary code execution. A buffer overflow in the rfc1035.c:extract_name function allows an attacker to execute arbitrary code on the host OS...
DEBIAN-CVE-2020-25683
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory...
dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled
A flaw was found in dnsmasq. A buffer overflow vulnerability was discovered in the way dnsmasq extracts names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a...
RHEL 8 : dnsmasq (RHSA-2021:0151)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0151 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server...
RHEL 8 : dnsmasq (RHSA-2021:0152)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2021:0152 advisory. The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server...
dnsmasq 2.73rc6 < 2.73rc8 extract_name() Function RCE
The remote dnsmasq server is running version 2.73rc6 or 2.73rc7. It is, therefore, affected by a remote code execution vulnerability due to an overflow condition in the extract_name function in rfc1035.c that occurs due to improper validation of user-supplied input. An unauthenticated, remote...