1215747 – (CVE-2015-3294) CVE-2015-3294 dnsmasq: unchecked return value of the setup_reply() function

Bug 1215747 (CVE-2015-3294) - CVE-2015-3294 dnsmasq: unchecked return value of the setup_reply() function

Summary: CVE-2015-3294 dnsmasq: unchecked return value of the setup_reply() function

Keywords:
Status:	CLOSED WONTFIX
Alias:	CVE-2015-3294
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	medium
Severity:	medium
Target Milestone:	---
Assignee:	Red Hat Product Security
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:	1215748
TreeView+	depends on / blocked

Reported:	2015-04-27 16:16 UTC by Martin Prpič
Modified:	2021-02-17 05:21 UTC (History)
CC List:	20 users (show)
Fixed In Version:	dnsmasq 2.73rc4
Doc Type:	Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed:	2015-05-28 08:44:00 UTC
Embargoed:

Attachments	(Terms of Use)

Description Martin Prpič 2015-04-27 16:16:26 UTC

The following flaw was found in dnsmasq:

Dnsmasq does not properly check the return value of the setup_reply() function called during a tcp connection (by the tcp_request() function). This return value is then used as a size argument in a function which writes data on the client's connection. This may lead, upon successful exploitation, to reading the heap memory of dnsmasq.

This issue is fixed in dnsmasq-2.73rc4:

http://www.thekelleys.org.uk/dnsmasq/release-candidates/

External References:

https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1502/

Note You need to log in before you can comment on or make changes to this bug.

abaron
aortega
apevec
ayoung
carnil
chrisw
dallan
gkotton
itamar
laine
lhh
lpeer
markmc
phracek
psimerda
rbryant
sclewis
thozza
veillard
yeylon