Every CVE whose affected-product data names Thekelleys Dnsmasq, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (37)
CVE-2021-45956 — CVSS 9.8 (critical): Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that…
CVE-2021-45955 — CVSS 9.8 (critical): Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the lack of a…
CVE-2021-45954 — CVSS 9.8 (critical): Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that…
CVE-2021-45953 — CVSS 9.8 (critical): Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's position is…
CVE-2021-45951 — CVSS 9.8 (critical): Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard)…
CVE-2017-14492 — CVSS 9.8 (critical): Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code…
CVE-2017-14493 — CVSS 9.8 (critical): Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code…
CVE-2021-45952 — CVSS 9.8 (critical): Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that…
CVE-2021-45957 — CVSS 9.8 (critical): Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the vendor's…
CVE-2017-14491 — CVSS 9.8 (critical): Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrary code…
CVE-2020-25681 — CVSS 8.1 (high): A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating…
CVE-2020-25682 — CVSS 8.1 (high): A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets…
CVE-2008-3214 — CVSS 7.8 (high): dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a…
CVE-2023-50387 — CVSS 7.5 (high): Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a denial of…
CVE-2015-8899 — CVSS 7.5 (high): Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or…
CVE-2017-13704 — CVSS 7.5 (high): In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value…
CVE-2017-14495 — CVSS 7.5 (high): Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers to cause…
CVE-2017-14496 — CVSS 7.5 (high): Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet option is…
CVE-2017-15107 — CVSS 7.5 (high): A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records could be…
CVE-2019-14513 — CVSS 7.5 (high): Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in a read…
CVE-2022-0934 — CVSS 7.5 (high): A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet…
CVE-2023-28450 — CVSS 7.5 (high): An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of…
CVE-2005-0877 — CVSS 7.5 (high): Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.
CVE-2009-2957 — CVSS 6.8 (medium): Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote…
CVE-2015-3294 — CVSS 6.4 (medium): The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows…
CVE-2020-25683 — CVSS 5.9 (medium): A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before…
CVE-2020-25687 — CVSS 5.9 (medium): A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before…
CVE-2017-14494 — CVSS 5.9 (medium): dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involving…
CVE-2012-3411 — CVSS 5.0 (medium): Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows…
CVE-2013-0198 — CVSS 5.0 (medium): Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote…
CVE-2009-2958 — CVSS 4.3 (medium): The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of…
CVE-2021-3448 — CVSS 4.0 (medium): A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a…
CVE-2019-14834 — CVSS 3.7 (low): A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of service…
CVE-2020-25684 — CVSS 3.7 (low): A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query()…
CVE-2020-25685 — CVSS 3.7 (low): A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query()…
CVE-2020-25686 — CVSS 3.7 (low): A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the…