threat
engine
.sh
Back
·
··:··
Home
/
Product
/
thekelleys dnsmasq
Product
thekelleys dnsmasq
40 known vulnerabilities across versions
Vulnerabilities are listed by affected version. Select any CVE for the full briefing and its intelligence graph.
Sort
Newest first
Oldest first
Highest CVSS
Lowest CVSS
Min CVSS
Any
4.0+
7.0+ (High)
9.0+ (Critical)
Published since
Reset
CVE-2023-49441
all versions
dnsmasq 2.9 is vulnerable to Integer Overflow via forward_query.
7.5
HIGH
CVE-2023-50387
< 2.90
Certain DNSSEC aspects of the DNS protocol (in RFC 4033, 4034, 4035, 6840, and related RFCs) allow remote attackers to cause a den
7.5
HIGH
CVE-2023-28450
< 2.90
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 beca
7.5
HIGH
CVE-2022-0934
< 2.87
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted pack
7.5
HIGH
CVE-2021-45957
all versions
Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c). NOTE: the v
9.8
CRITICAL
CVE-2021-45956
all versions
Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is
9.8
CRITICAL
CVE-2021-45955
all versions
Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c) because of the la
9.8
CRITICAL
CVE-2021-45954
all versions
Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position
9.8
CRITICAL
CVE-2021-45953
all versions
Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c). NOTE: the vendor's pos
9.8
CRITICAL
CVE-2021-45952
all versions
Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is
9.8
CRITICAL
CVE-2021-45951
all versions
Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWild
9.8
CRITICAL
CVE-2021-3448
< 2.85
A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsma
4.0
MEDIUM
CVE-2020-25687
< 2.83
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and
5.9
MEDIUM
CVE-2020-25686
< 2.83
A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request fo
3.7
LOW
CVE-2020-25682
< 2.83
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS
8.1
HIGH
CVE-2020-25681
< 2.83
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before v
8.1
HIGH
CVE-2020-25685
< 2.83
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_qu
3.7
LOW
CVE-2020-25684
< 2.83
A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:repl
3.7
LOW
CVE-2020-25683
< 2.83
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and
5.9
MEDIUM
CVE-2019-14834
< 2.81
A vulnerability was found in dnsmasq before version 2.81, where the memory leak allows remote attackers to cause a denial of servi
3.7
LOW
CVE-2019-14513
< 2.76
Improper bounds checking in Dnsmasq before 2.76 allows an attacker controlled DNS server to send large DNS packets that result in
7.5
HIGH
CVE-2017-15107
<= 2.78
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up to and including 2.78. Wildcard synthesized NSEC records c
7.5
HIGH
CVE-2017-14491
<= 2.77
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrar
9.8
CRITICAL
CVE-2017-14496
<= 2.77
Integer underflow in the add_pseudoheader function in dnsmasq before 2.78 , when the --add-mac, --add-cpe-id or --add-subnet optio
7.5
HIGH
CVE-2017-14495
<= 2.77
Memory leak in dnsmasq before 2.78, when the --add-mac, --add-cpe-id or --add-subnet option is specified, allows remote attackers
7.5
HIGH
CVE-2017-14494
<= 2.77
dnsmasq before 2.78, when configured as a relay, allows remote attackers to obtain sensitive memory information via vectors involv
5.9
MEDIUM
CVE-2017-14493
<= 2.77
Stack-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitra
9.8
CRITICAL
CVE-2017-14492
<= 2.77
Heap-based buffer overflow in dnsmasq before 2.78 allows remote attackers to cause a denial of service (crash) or execute arbitrar
9.8
CRITICAL
CVE-2017-13704
<= 2.77
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negati
7.5
HIGH
CVE-2015-8899
<= 2.75
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (
7.5
HIGH
CVE-2015-3294
<= 2.73
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which al
CVE-2013-0198
<= 2.65
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allo
CVE-2012-3411
<= 2.62
Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which all
CVE-2009-2958
<= 2.49
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial
CVE-2009-2957
<= 2.49
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow
CVE-2008-3350
all versions
dnsmasq 2.43 allows remote attackers to cause a denial of service (daemon crash) by (1) sending a DHCPINFORM while lacking a DHCP
CVE-2008-3214
all versions
dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sendin
CVE-2006-2017
all versions
Dnsmasq 2.29 allows remote attackers to cause a denial of service (application crash) via a DHCP client broadcast reply request.
CVE-2005-0877
< 2.21
Dnsmasq before 2.21 allows remote attackers to poison the DNS cache via answers to queries that were not made by Dnsmasq.
7.5
HIGH
CVE-2005-0876
all versions
Off-by-one buffer overflow in Dnsmasq before 2.21 may allow attackers to execute arbitrary code via the DHCP lease file.
Vulnerabilities
CISA KEV catalog
CWE weaknesses
CAPEC attack patterns
Package vulnerabilities
Threat intelligence
Threat actors
Tools & malware
ATT&CK techniques
IOCs
Detection & defense
Sigma rules
YARA rules
Atomic Red Team tests
D3FEND countermeasures
Compliance
NIST 800-53
ISO 27001:2022
SOC 2 TSC
PCI-DSS v4.0
CIS Controls v8.1
About
All capabilities
Live statistics
Data sources
Privacy policy
Terms of service
threatengine.sh · Open-source threat intelligence platform · 100+ authoritative sources · Every fact traces to its origin