A flaw was found in dnsmasq. A heap use-after-free issue in the dhcp6 server may lead to remote denial of service via a crafted packet. References: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html
This flaw was also found independently by Richard Johnson of Trellix ATR (richard.johnson@trellix.com), who reported it to upstream a few days after me. Should we wait for CVE assignment or just fix it without one? It was not yet made public as far as I know.
marking OSD4 affected/wontfix; dnsmasq present but dhcp6 not used
Upstream patch commit: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39
I have just checked https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-0934 and it is still reserved only. Could that be updated also?