CVE-2023-28450

Name

CVE-2023-28450

Description

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

References

Type	URI
MISC	https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG
MISC	https://capec.mitre.org/data/definitions/495.html
MISC	https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
MISC	https://thekelleys.org.uk/dnsmasq/doc.html
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/
FEDORA	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/

Match rules

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:thekelleys:dnsmasq::::::::`	dnsmasq	>= None	< 2.90

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
dnsmasq	3.17-main	2.87-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	3.16-main	2.86-r4	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	3.15-main	2.86-r2	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	3.14-main	2.85-r3	Natanael Copa <ncopa@alpinelinux.org>	possibly vulnerable
dnsmasq	edge-main	2.89-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed
dnsmasq	3.18-main	2.89-r5	Natanael Copa <ncopa@alpinelinux.org>	fixed