CVE-2009-2957

EPSS 8.5%

dnsmasq - remote code execution

發布日:2009/9/2修改日:2026/4/28

也稱為:DEBIAN-CVE-2009-2957

描述

Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.

受影響套件(2)

Debian/dnsmasqfrom 0, < 2.50-1
Debian/dnsmasqfrom 0, < 2.45-1+lenny1

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2009-2957