NewStart CGSL MAIN 6.06 : dnsmasq Multiple Vulnerabilities (NS-SA-2023-0078)

The remote NewStart CGSL host, running version MAIN 6.06, has dnsmasq packages installed that are affected by multiple vulnerabilities: - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. A...

NewStart CGSL MAIN 6.02 : dnsmasq Multiple Vulnerabilities (NS-SA-2021-0125)

The remote NewStart CGSL host, running version MAIN 6.02, has dnsmasq packages installed that are affected by multiple vulnerabilities: - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. A...

EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2021-1775)

According to the versions of the dnsmasq packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be...

EulerOS Virtualization for ARM 64 3.0.2.0 : dnsmasq (EulerOS-SA-2021-1389)

According to the versions of the dnsmasq packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pendi...

EulerOS Virtualization for ARM 64 3.0.6.0 : dnsmasq (EulerOS-SA-2021-1551)

According to the versions of the dnsmasq packages installed, the EulerOS Virtualization for ARM 64 installation on the remote host is affected by the following vulnerabilities : - A flaw was found in the default configuration of dnsmasq, as shipped with Fedora and Red Hat Enterprise Linux, where ...

dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...

DNS Cache Poisoning

apport is vulnerable to DNS cache poisoning. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery if the reply destination address/port is one of those used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded...

Amazon Linux 2 : dnsmasq (ALAS-2021-1587)

The version of dnsmasq installed on the remote host is prior to 2.76-16. It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2-2021-1587 advisory. A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if th...

Fedora 33 : dnsmasq (2021-84440e87ba)

The remote Fedora 33 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2021-84440e87ba advisory. - A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with...

Design/Logic Flaw

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

CVE-2020-25684

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query,...