CVE-2021-45955
Published: 1 January 2022
** DISPUTED ** Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a proper bounds check upon pseudo header re-insertion. NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge." However, a contributor states that a security patch (mentioned in 016162.html) is needed.
Priority
CVSS 3 base score: 9.8
Notes
Author | Note |
---|---|
mdeslaur | vendor has disputed this CVE, marking as not-affected |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45955
- https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898
- https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml
- NVD
- Launchpad
- Debian