CVE-2021-45956

CVE-2021-45956

Name

CVE-2021-45956

Description

Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.

NVD Severity

high

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
MISC	https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml
MISC	https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
MISC	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html
MISC	https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016162.html

Type

URI

MISC

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml

MISC

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887

MISC

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html

MISC

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016162.html

CPE URI	Source package	Min version	Max version
	n/a	== n/a	== n/a

CPE URI

Source package

Min version

Max version

n/a

== n/a

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
dnsmasq	edge-main	2.86-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	edge-main	2.86-r3	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	edge-main	2.86-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed

Source package

Branch

Version

Maintainer

Status

dnsmasq

edge-main

2.86-r5

Natanael Copa <ncopa@alpinelinux.org>

fixed

dnsmasq

edge-main