Dnsmasq

dnsmasq

Vendor: Thekelleys • 37 CVEs

CVEs (37)

CVE VENDORS PRODUCTS UPDATED PUBLISHED CVSS
CVE-2019-14513 2Debian Thekelleys 2Debian Linux Dnsmasq Nov 21, 2024 Aug 1, 2019 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability tha...Show more Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read operation beyond the buffer allocated for the packet, a different vulnerability than CVE-2017-14491.Show less
CVE-2017-15107 1Thekelleys 1Dnsmasq Nov 21, 2024 Jan 23, 2018 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist...Show more A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be improperly interpreted to prove the non-existence of hostnames that actually exist.Show less
CVE-2017-14491 12Arista ArubanetworksCanonical+9 more 21Arubaos Debian LinuxDiskstation Manager+18 more May 13, 2026 Oct 4, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DNS response.
CVE-2017-14496 6Canonical DebianGoogle+3 more 8Android Debian LinuxDnsmasq+5 more May 13, 2026 Oct 3, 2017 N/A· v4 7.5 HIGH· v3 7.8 HIGH· v2 Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS req...Show more Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service via a crafted DNS request.Show less
CVE-2017-14495 4Canonical DebianRedhat+1 more 6Debian Linux DnsmasqEnterprise Linux Desktop+3 more May 13, 2026 Oct 3, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creat...Show more Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause a denial of service (memory consumption) via vectors involving DNS response creation.Show less
CVE-2017-14494 5Canonical DebianNovell+2 more 7Debian Linux DnsmasqEnterprise Linux Desktop+4 more May 13, 2026 Oct 3, 2017 N/A· v4 5.9 MEDIUM· v3 4.3 MEDIUM· v2 dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handling DHCPv6 forwarded requests.
CVE-2017-14493 5Canonical DebianOpensuse+2 more 7Debian Linux DnsmasqEnterprise Linux Desktop+4 more May 13, 2026 Oct 3, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted DHCPv6 request.
CVE-2017-14492 4Canonical DebianRedhat+1 more 6Debian Linux DnsmasqEnterprise Linux Desktop+3 more May 13, 2026 Oct 3, 2017 N/A· v4 9.8 CRITICAL· v3 7.5 HIGH· v2 Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a crafted IPv6 router advertisement request.
CVE-2017-13704 6Canonical DebianFedoraproject+3 more 8Debian Linux DnsmasqEnterprise Linux Desktop+5 more May 13, 2026 Oct 3, 2017 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xff...Show more In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.Show less
CVE-2015-8899 2Canonical Thekelleys 2Dnsmasq Ubuntu Linux May 6, 2026 Jun 30, 2016 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
CVE-2015-3294 2Oracle Thekelleys 2Dnsmasq Solaris May 6, 2026 May 8, 2015 N/A· v4 N/A· v3 6.4 MEDIUM· v2 The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds...Show more The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.Show less
CVE-2013-0198 1Thekelleys 1Dnsmasq Apr 29, 2026 Mar 5, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP b...Show more Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.Show less
CVE-2012-3411 2Redhat Thekelleys 4Dnsmasq Enterprise Linux DesktopEnterprise Linux Server+1 more Apr 29, 2026 Mar 5, 2013 N/A· v4 N/A· v3 5.0 MEDIUM· v2 Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DN...Show more Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.Show less
CVE-2009-2958 1Thekelleys 1Dnsmasq Apr 23, 2026 Sep 2, 2009 N/A· v4 N/A· v3 4.3 MEDIUM· v2 The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request w...Show more The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.Show less
CVE-2009-2957 1Thekelleys 1Dnsmasq Apr 23, 2026 Sep 2, 2009 N/A· v4 N/A· v3 6.8 MEDIUM· v2 Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demons...Show more Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.Show less
CVE-2008-3214 1Thekelleys 1Dnsmasq Apr 23, 2026 Jul 18, 2008 N/A· v4 N/A· v3 7.8 HIGH· v2 dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK...Show more dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.Show less
CVE-2005-0877 1Thekelleys 1Dnsmasq Apr 16, 2026 May 2, 2005 N/A· v4 7.5 HIGH· v3 5.0 MEDIUM· v2 Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.

Previous 12