Shodan
Vulnerabilities
Vulnerable Software
Thekelleys:  >> Dnsmasq  >> 1.16  Security Vulnerabilities
CVE-2017-13704
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zero's (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.
CVSS Score
7.5
EPSS Score
0.793
Published
2017-10-03
CVE-2015-8899
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
CVSS Score
7.5
EPSS Score
0.001
Published
2016-06-30
CVE-2012-3411
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.
CVSS Score
5.0
EPSS Score
0.004
Published
2013-03-05
CVE-2013-0198
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-3411.
CVSS Score
5.0
EPSS Score
0.001
Published
2013-03-05
CVE-2009-2957
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
CVSS Score
6.8
EPSS Score
0.041
Published
2009-09-02
CVE-2009-2958
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
CVSS Score
4.3
EPSS Score
0.009
Published
2009-09-02
CVE-2005-0877
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.
CVSS Score
7.5
EPSS Score
0.001
Published
2005-05-02


Products
Pricing
Contact Us

Shodan ® - All rights reserved