CVE-2021-45952

CVE-2021-45952

Name

CVE-2021-45952

Description

Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

NVD Severity

unknown

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870
MISC	https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml
MISC	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html
MISC	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016162.html

Type

URI

MISC

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870

MISC

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml

MISC

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html

MISC

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016162.html

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a

CPE URI

Source package

Min version

Max version

n/a

== n/a

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
dnsmasq	edge-main	2.86-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	edge-main	2.86-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	edge-main	2.86-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

dnsmasq

edge-main

2.86-r5

Natanael Copa <ncopa@alpinelinux.org>

fixed

dnsmasq

edge-main