CVE-2021-45955

Опубликовано: 01 янв. 2022

Источник: redhat

CVSS3: 0

Описание

Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed

A heap-based out-of-bounds WRITE flaw was found in dnsmasq. A remote attacker who can trigger a packet resize can use this flaw to write up to 50 bytes to the heap via a memmove call.

Отчет

Red Hat Product Security does not consider this to be a vulnerability.

Затронутые пакеты

Платформа	Пакет	Состояние
Red Hat Enterprise Linux 6	dnsmasq	Not affected
Red Hat Enterprise Linux 7	dnsmasq	Not affected
Red Hat Enterprise Linux 8	dnsmasq	Not affected
Red Hat Enterprise Linux 9	dnsmasq	Not affected
Red Hat OpenStack Platform 13 (Queens)	dnsmasq	Not affected

Показывать по

Ссылки на источники

Дополнительная информация

Дефект:

CWE-787

https://bugzilla.redhat.com/show_bug.cgi?id=2048928dnsmasq: heap-based buffer overflow in resize_packet

0 Low

CVSS3

Связанные уязвимости

CVE-2021-45955

CVSS3: 9.8

ubuntu

около 4 лет назад

CVE-2021-45955

CVSS3: 9.8

nvd

около 4 лет назад

CVE-2021-45955

CVSS3: 9.8

msrc

почти 4 года назад

Описание отсутствует

CVE-2021-45955

CVSS3: 9.8

debian

около 4 лет назад

Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called ...

GHSA-p5g5-mjp3-mr9m

CVSS3: 9.8

github

около 4 лет назад

Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c).

0 Low

CVSS3