CVE-2026-12969

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

EUVD-2021-19908

Malware in sbrugna...

openSUSE 15 Security Update : coredns (openSUSE-SU-2024:0319-1)

The remote openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the openSUSE-SU-2024:0319-1 advisory. Update to version 1.11.3: optimize the performance for high qps 6767 bump deps Fix zone parser error handling 6680 Add alternate option to forwar...

BIT-GOLANG-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format...

Dnsmasq 缓冲区错误漏洞

dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. Dnsmasq 2.86 suffers from a buffer error vulnerability that stems from having a heap-based buffer overflow in resizepacket called from FuzzResizePacket and fuzzrfc1035.c...

SUSE: Security Advisory (SUSE-SU-2021:2760-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format...

Format string

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format...

CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format...

CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format...

CVE-2021-33195

CVE-2021-33195 affects Go's net package: LookupCNAME/LookupSRV/LookupMX/LookupNS/LookupAddr may return DNS data that isn’t RFC1035-compliant, enabling unsafe injections (e.g., XSS). Affected: Go before 1.15.13 and 1.16.x before 1.16.5. Remediation: upgrade Go to 1.15.13+ or 1.16.5+ (and newer). T...

CVE-2021-33195

Go before 1.15.13 and 1.16.x before 1.16.5 has functions for DNS lookups that do not validate replies from DNS servers, and thus a return value may contain an unsafe injection e.g., XSS that does not conform to the RFC1035 format...

PT-2021-7706 · Dnsmasq +2 · Dnsmasq +2

Name of the Vulnerable Software and Affected Versions: Dnsmasq affected versions not specified Description: The issue is related to a buffer overflow in the resize packet function of the fuzz rfc1035.c component of the Dnsmasq DNS server. Exploitation of this issue may allow a remote attacker to...

EulerOS Virtualization 3.0.6.6 : dnsmasq (EulerOS-SA-2021-1469)

According to the versions of the dnsmasq packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with...

EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1263)

According to the versions of the dnsmasq package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with...

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker who can create valid DNS replies to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name() which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq resulting in a denial of service. The highest threat from this vulnerability is to system availability.

...

Arbitrary Code Execution

dnsmasq is vulnerable to arbitrary code execution. A buffer overflow in the rfc1035.c:extractname function allows an attacker to execute arbitrary code on the host OS...

Denial Of Service (DoS)

dnsmasq is vulnerable to denial of service. A heap-based buffer overflow in the rfc1035.c:extractname function allows an attacker to crash the application...

CVE-2020-25687

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory...

CVE-2020-25683

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory...