CVE-2009-2957

EPSS 8.5%

dnsmasq - remote code execution

Published: 9/2/2009Modified: 4/28/2026

Also known as:DEBIAN-CVE-2009-2957

Description

Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.

Affected packages (2)

Debian/dnsmasqfrom 0, < 2.50-1
Debian/dnsmasqfrom 0, < 2.45-1+lenny1

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-2957