Skip to main content

Dnsmasq CVE-2023-28450

HIGH
2023-03-15 cve@mitre.org
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

1
CVE Published
Mar 15, 2023 - 21:15 nvd
HIGH 7.5

DescriptionNVD

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

AnalysisAI

An issue was discovered in Dnsmasq before 2.90. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Technical ContextAI

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020. Affected products include: Thekelleys Dnsmasq. Version information: before 2.90..

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

CVE-2017-14492 CRITICAL POC
9.8 Oct 03

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2017-14491 CRITICAL POC
9.8 Oct 04

Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execut

CVE-2017-13704 HIGH
7.5 Oct 03

In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call get

CVE-2017-14495 HIGH POC
7.5 Oct 03

Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote

CVE-2017-14496 HIGH POC
7.5 Oct 03

Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-su

CVE-2017-14493 CRITICAL POC
9.8 Oct 03

Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execu

CVE-2017-14494 MEDIUM POC
5.9 Oct 03

dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vect

CVE-2019-14513 HIGH POC
7.5 Aug 01

Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that

CVE-2015-3294 MEDIUM POC
6.4 May 08

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function

CVE-2013-0198 MEDIUM POC
5.0 Mar 05

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces,

CVE-2026-4892 HIGH
8.4 May 11

Heap-based buffer overflow in dnsmasq's DHCPv6 implementation enables local attackers to execute arbitrary code with roo

CVE-2021-3448 MEDIUM POC
4.0 Apr 08

A flaw was found in dnsmasq in versions before 2.85. Rated medium severity (CVSS 4.0), this vulnerability is remotely ex

Share

CVE-2023-28450 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy