VULHUB ™

Dnsmasq is reported prone to multiple remote vulnerabilities. These issues can allow an attacker to exploit an off-by-one overflow condition and carry out DNS cache poisoning attacks. An attacker may leverage these issues to manipulate cache data, potentially facilitating man-in-the-middle, site impersonation, or denial of service attacks. A denial of service condition may occur due to the off-by-one overflow vulnerability. Although unconfirmed, there is a circumstantial possibility of remote code execution in the context of the server. Reportedly, exploitation of the cache-poisoning issue is not trivial as improvements were made to the application to mitigate cache-poisoning attacks. The off-by-one overflow issue affects Dnsmasq 2.14, 2.15, 2.16, 2.17, 2.18, 2.19 and 2.20. The cache-poisoning issue affects Dnsmasq 2.20 and prior. Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.

Dnsmasq is reported prone to multiple remote vulnerabilities. These issues can allow an attacker to exploit an off-by-one overflow condition and carry out DNS cache poisoning attacks. An attacker may leverage these issues to manipulate cache data, potentially facilitating man-in-the-middle, site impersonation, or denial of service attacks. A denial of service condition may occur due to the off-by-one overflow vulnerability. Although unconfirmed, there is a circumstantial possibility of remote code execution in the context of the server. Reportedly, exploitation of the cache-poisoning issue is not trivial as improvements were made to the application to mitigate cache-poisoning attacks. The off-by-one overflow issue affects Dnsmasq 2.14, 2.15, 2.16, 2.17, 2.18, 2.19 and 2.20. The cache-poisoning issue affects Dnsmasq 2.20 and prior. Due to a lack of details, further information is not available at the moment. This BID will be updated when more information becomes available.