CVE-2015-8899

Published: 31 December 2015

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.

Priority

Medium

CVSS 3 base score: 7.5

Status

Package Release Status
dnsmasq
Launchpad, Ubuntu, Debian
Upstream
Released (2.76-1)
Ubuntu 16.04 ESM (Xenial Xerus)
Released (2.75-1ubuntu0.16.04.1)
Ubuntu 14.04 ESM (Trusty Tahr) Not vulnerable
(code not present)
Patches:
Upstream: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=41a8d9e99be9f2cc8b02051dd322cb45e0faac87