CVE-2015-3294
Published: 27 April 2015
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
Priority
Status
Package | Release | Status |
---|---|---|
dnsmasq Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
precise |
Released
(2.59-4ubuntu0.2)
|
|
trusty |
Released
(2.68-1ubuntu0.1)
|
|
upstream |
Needed
|
|
utopic |
Released
(2.71-1ubuntu0.1)
|
|
vivid |
Released
(2.72-3ubuntu0.1)
|
|
Patches: upstream: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8 |