Lucene search

K
veracode
Veracode Vulnerability DatabaseVERACODE:29044
HistoryJan 20, 2021 - 4:41 p.m.

Arbitrary Code Execution

2021-01-2016:41:19
Veracode Vulnerability Database
sca.analysiscenter.veracode.com
8

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

dnsmasq is vulnerable to arbitrary code execution. A heap-based buffer overflow in rfc1035.c:extract_name() due to the lack of length checks, which could be abused occurs when DNSSEC is enabled and before the receiving DNS entries are validated. A remote attacker who can create valid DNS replies is able to exploit the vulnerability execute arbitrary code via memcpy() using negative size in sort_rrset().

How to protect your server from attacks?

5.9 Medium

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

7.1 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:N/I:N/A:C

Related for VERACODE:29044