pkg:Debian/dnsmasq
57 total CVEsCRITICAL5HIGH24MEDIUM10LOW6
✅ Check your installed version
All known vulnerabilities
- from 0, < 2.62-3+deb7u4
- from 0, < 2.78-1
- from 0, < 2.72-3+deb8u2
- CRITICAL9.8CVE-2017-14493Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code v…from 0, < 2.78-1
- CRITICAL9.8CVE-2017-14492Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code vi…from 0, < 2.78-1
- HIGH8.4CVE-2026-4892A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code wit…from 0
- from 0, < 2.83-1
- from 0, < 2.76-5+deb9u3
- from 0, < 2.83-1
- from 0, < 2.80-1+deb10u1
- from 0
- HIGH7.5CVE-2026-4890A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a craf…from 0
- from 0, < 2.92-4
- from 0
- HIGH7.5CVE-2023-50868The Closest Encloser Proof aspect of the DNS protocol (in RFC 5155 when RFC 9276 guidance is skipped) allows remote attackers to cause a de…from 0, < 2.85-1+deb11u1
- from 0, < 2.85-1+deb11u1
- from 0, < 2.85-1+deb11u1
- from 0, < 2.85-1+deb11u1
- from 0, < 2.85-1+deb11u1
- from 0, < 2.72-3+deb8u5
- from 0, < 2.76-1
- HIGH7.5CVE-2017-15107A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78.from 0, < 2.79-1
- HIGH7.5CVE-2017-14496Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is spec…from 0, < 2.78-1
- HIGH7.5CVE-2017-14495Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause…from 0, < 2.78-1
- HIGH7.5CVE-2017-13704In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value.from 0, < 2.78-1
- HIGH7.5CVE-2015-8899Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (…from 0, < 2.76-1
- HIGH7.5CVE-2005-0877Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.from 0, < 2.21
- HIGH7.3CVE-2026-5172A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting…from 0
- HIGH7.3CVE-2026-2291dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, whi…from 0
- from 0, < 2.43-1
- from 0, < 2.35-1+etch4
- MEDIUM5.9CVE-2020-14312A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterpris…from 0, < 2.69-1
- from 0, < 2.83-1
- from 0, < 2.83-1
- MEDIUM5.9CVE-2017-14494dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving handl…from 0, < 2.78-1
- MEDIUM5.5CVE-2020-37127Dnsmasq-utils 2.79-1 contains a buffer overflow vulnerability in the dhcp_release utility that allows attackers to cause a denial of servic…from 0, < 2.80-1
- MEDIUM5.3CVE-2026-4893An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 c…from 0
- MEDIUM5.3CVE-2026-4891A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via…from 0
- from 0, < 2.85-1
- from 0, < 2.83-1
- from 0, < 2.83-1
- from 0, < 2.83-1
- LOW3.7CVE-2019-14834A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service (memor…from 0, < 2.81-1
- from 0
- from 0
- from 0, < 2.55-2+deb6u1
- from 0, < 2.62-3+deb7u2
- from 0, < 2.72-3.1
- —CVE-2013-0198Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote…from 0, < 2.66-1
- —CVE-2012-3411Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remot…from 0, < 2.63-1
- —CVE-2009-2958The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of servic…from 0, < 2.50-1
- from 0, < 2.50-1
- from 0, < 2.45-1+lenny1
- —CVE-2008-3350dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP lease, or…from 0, < 2.44-1
- —CVE-2008-3214dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPR…from 0, < 2.26-1
- —CVE-2006-2017Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.from 0, < 2.30-1
- —CVE-2005-0876Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file.from 0, < 2.21