CVE-2015-8899

Published: Jun 30, 2016Modified: May 6, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

Affected (3)

Products: Canonical: Ubuntu Linux · Thekelleys: Dnsmasq

1 product

1 product

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Canonical Ubuntu Linux	Version 15.10
Canonical Ubuntu Linux	Version 16.04

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Thekelleys Dnsmasq	Up to 2.75

Related CWEs

CWE-20

Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

References (16)

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html

Source: security@ubuntu.com

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010505.html

Source: security@ubuntu.com

http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=41a8d9e99be9f2cc8b02051dd322cb45e0faac87

Source: security@ubuntu.com

http://www.openwall.com/lists/oss-security/2016/06/03/7

Source: security@ubuntu.com

http://www.openwall.com/lists/oss-security/2016/06/04/2

Source: security@ubuntu.com

http://www.securityfocus.com/bid/91031

Source: security@ubuntu.com

http://www.securitytracker.com/id/1036045

Source: security@ubuntu.com

http://www.ubuntu.com/usn/USN-3009-1

Source: security@ubuntu.com

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html