CVE-2023-28450

Published: Mar 15, 2023Modified: Nov 3, 2025

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

Affected (1)

Products: Thekelleys: Dnsmasq

Thekelleys

1 product

Dnsmasq

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Thekelleys Dnsmasq	Before 2.90

References (13)

https://capec.mitre.org/data/definitions/495.html

Source: cve@mitre.org

Not Applicable

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/

Source: cve@mitre.org

https://thekelleys.org.uk/dnsmasq/doc.html

Source: cve@mitre.org

Product

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOG

Source: cve@mitre.org

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5

Source: cve@mitre.org

https://capec.mitre.org/data/definitions/495.html