CVE-2015-3294

EPSS 0.18%

dnsmasq - security update

Published: 5/8/2015Modified: 3/9/2026

Also known as:DEBIAN-CVE-2015-3294DLA-225-1

Description

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

Affected packages (3)

Debian/dnsmasqfrom 0, < 2.72-3.1
Debian/dnsmasqfrom 0, < 2.55-2+deb6u1
Debian/dnsmasqfrom 0, < 2.62-3+deb7u2

References (1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3294