Описание
No description is available for this CVE.
Отчет
This CVE has been marked as Rejected by the assigning CNA.
Меры по смягчению последствий
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability. To reduce the risk, ensure that only trusted and validated configuration files are used by dnsmasq, and restrict write or modification permissions on /etc/dnsmasq.conf and related directories to authorized users. Avoid loading dynamically generated or unverified configurations.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 10 | dnsmasq | Fix deferred | ||
| Red Hat Enterprise Linux 6 | dnsmasq | Fix deferred | ||
| Red Hat Enterprise Linux 7 | dnsmasq | Fix deferred | ||
| Red Hat Enterprise Linux 8 | dnsmasq | Fix deferred | ||
| Red Hat Enterprise Linux 9 | dnsmasq | Fix deferred | ||
| Red Hat OpenShift Container Platform 4 | rhcos | Fix deferred |
Показывать по
Дополнительная информация
Связанные уязвимости
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and intentional behavior within dnsmasq's documented design, rather than security vulnerabilities.
Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and intentional behavior within dnsmasq's documented design, rather than security vulnerabilities.
A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.