CVE-2021-45951

CVE-2021-45951

Name

CVE-2021-45951

Description

Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml
MISC	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868
Mailing List	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html
Mailing List	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016162.html

Type

URI

MISC

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml

MISC

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868

Mailing List

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html

Mailing List

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016162.html

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:thekelleys:dnsmasq:2.86:::::::*`	dnsmasq	== None	== 2.86

CPE URI

Source package

Min version

Max version

cpe:2.3:a:thekelleys:dnsmasq:2.86:*:*:*:*:*:*:*

dnsmasq

== None

== 2.86

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
dnsmasq	edge-main	2.86-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	edge-main	2.86-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	edge-main	2.86-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	edge-main	2.86-r1	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	3.22-main	2.86-r1	None	fixed
dnsmasq	3.21-main	2.86-r1	None	fixed
dnsmasq	3.20-main	2.86-r1	None	fixed
dnsmasq	3.19-main	2.86-r1	None	fixed

Source package

Branch

Version

Maintainer

Status

dnsmasq

edge-main

2.86-r5

Natanael Copa <ncopa@alpinelinux.org>

fixed

dnsmasq

edge-main