Lucene search

K

14 matches found

CVE
CVE
added 2021/01/20 5:15 p.m.6818 views

CVE-2020-25682

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary da...

8.3CVSS8.3AI score0.44853EPSS
CVE
CVE
added 2024/02/14 4:15 p.m.2468 views

CVE-2023-50387

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG ...

7.5CVSS7.7AI score0.42223EPSS
CVE
CVE
added 2021/01/20 5:15 p.m.2175 views

CVE-2020-25681

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow...

8.3CVSS8.3AI score0.50451EPSS
CVE
CVE
added 2020/01/07 5:15 p.m.1858 views

CVE-2019-14834

A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memory consumption) via vectors involving DHCP response creation.

4.3CVSS4AI score0.00061EPSS
CVE
CVE
added 2021/04/08 11:15 p.m.1657 views

CVE-2021-3448

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID...

4.3CVSS4.1AI score0.00031EPSS
CVE
CVE
added 2023/03/15 9:15 p.m.1343 views

CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

7.5CVSS7.4AI score0.00011EPSS
CVE
CVE
added 2019/08/01 9:15 p.m.1082 views

CVE-2019-14513

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.

7.5CVSS8.7AI score0.52378EPSS
CVE
CVE
added 2021/01/20 5:15 p.m.1047 views

CVE-2020-25687

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. Thi...

7.1CVSS7AI score0.4654EPSS
CVE
CVE
added 2022/08/29 3:15 p.m.1021 views

CVE-2022-0934

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.

7.5CVSS7.1AI score0.00027EPSS
CVE
CVE
added 2021/01/20 4:15 p.m.875 views

CVE-2020-25684

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query...

4.3CVSS6AI score0.01208EPSS
CVE
CVE
added 2021/01/20 4:15 p.m.791 views

CVE-2020-25683

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. ...

7.1CVSS7AI score0.57368EPSS
CVE
CVE
added 2021/01/20 5:15 p.m.780 views

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the sam...

4.3CVSS5.9AI score0.01208EPSS
CVE
CVE
added 2021/01/20 4:15 p.m.725 views

CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNS...

4.3CVSS6AI score0.01132EPSS
CVE
CVE
added 2005/05/02 4:0 a.m.134 views

CVE-2005-0877

Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.

7.5CVSS7.5AI score0.00053EPSS