[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2015-3294Date: (C)2015-05-11   (M)2023-12-22


The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V2 Severity:
CVSS Score : 6.4
Exploit Score: 10.0
Impact Score: 4.9
 
CVSS V2 Metrics:
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality: PARTIAL
Integrity: NONE
Availability: PARTIAL
  
Reference:
SECTRACK-1032195
http://www.securityfocus.com/archive/1/535354/100/1100/threaded
BID-74452
DSA-3251
GLSA-201512-01
USN-2593-1
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html
openSUSE-SU-2015:0857

CPE    1
cpe:/o:oracle:solaris:11.2
CWE    1
CWE-19
OVAL    4
oval:org.secpod.oval:def:702540
oval:org.secpod.oval:def:89044703
oval:org.secpod.oval:def:602069
oval:org.secpod.oval:def:52472
...

© SecPod Technologies