📦

dnsmasq

Vendor: dnsmasq

Login to add this product to WatchStack
Actively Exploited 0 CISA KEV List
PoC / Exploits 10 Code Available
Total RCEs 11 Remote Access
Total CVEs 2 Total Indexed
Avg. EPSS 11.94% Exploit Prob.
Latest CVE CVE-2023-49441 Jun 06

Security Vulnerability Index

Page 1 / 1
7.5 CVSS
CVE-2023-49441

dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.

EPSS: 0.01%
7.5 CVSS
CVE-2023-50387
RCE Exploit Found

Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of service (CPU consumption) via one or more DNSSEC responses, aka the "KeyTrap" issue. One of the concerns is that, when there is a zone with many DNSKEY and RRSIG records, the protocol specification implies that an algorithm must evaluate all combinations of DNSKEY and RRSIG records.

EPSS: 43.70%
7.5 CVSS
CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

EPSS: 0.01%
7.5 CVSS
CVE-2022-0934

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.

EPSS: 0.02%
9.8 CVSS
CVE-2021-45957
RCE

Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

EPSS: 0.04%
9.8 CVSS
CVE-2021-45956
RCE

Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

EPSS: 0.05%
9.8 CVSS
CVE-2021-45955
RCE

Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed

EPSS: 0.05%
9.8 CVSS
CVE-2021-45954
RCE

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

EPSS: 0.05%
9.8 CVSS
CVE-2021-45953
RCE

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

EPSS: 0.05%
9.8 CVSS
CVE-2021-45952
RCE

Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

EPSS: 0.05%