DSA-3251-1 dnsmasq -- dnsmasqID: oval:org.secpod.oval:def:602069 | Date: (C)2015-05-11 (M)2023-11-13 |
Class: PATCH | Family: unix |
Nick Sampanis discovered that dnsmasq, a small caching DNS proxy and DHCP/TFTP server, did not properly check the return value of the setup_reply function called during a TCP connection, which is used then as a size argument in a function which writes data on the client"s connection. A remote attacker could exploit this issue via a specially crafted DNS request to cause dnsmasq to crash, or potentially to obtain sensitive information from process memory.
Platform: |
Debian 8.x |
Debian 7.x |