CVE-2015-3294

EPSS 0.18%

dnsmasq - security update

發布日:2015/5/8修改日:2026/3/9

也稱為:DEBIAN-CVE-2015-3294DLA-225-1

描述

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

受影響套件(3)

Debian/dnsmasqfrom 0, < 2.72-3.1
Debian/dnsmasqfrom 0, < 2.55-2+deb6u1
Debian/dnsmasqfrom 0, < 2.62-3+deb7u2

參考連結(1)

ADVISORYhttps://security-tracker.debian.org/tracker/CVE-2015-3294