CVE-2015-3294

Publication date 27 April 2015

Last updated 24 July 2024

Ubuntu priority

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

Status

Show unmaintained releases

Package	Ubuntu Release	Status
dnsmasq	15.04 vivid	Fixed 2.72-3ubuntu0.1
	14.10 utopic	Fixed 2.71-1ubuntu0.1
	14.04 LTS trusty	Fixed 2.68-1ubuntu0.1
	12.04 LTS precise	Fixed 2.59-4ubuntu0.2
	10.04 LTS lucid	Ignored end of life

How can I get the fixes?
What do statuses mean?
Patch details

Patch details

For informational purposes only. We recommend not to cherry-pick updates. How can I get the fixes?

Package	Patch details
dnsmasq	Upstream: http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8

References

MITRE
NVD
Launchpad
Debian

Related Ubuntu Security Notices (USN)

USN-2593-1
Dnsmasq vulnerability
4 May 2015

Other references

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html
https://www.obrela.com/home/security-labs/advisories/osi-advisory-osi-1502/
https://www.cve.org/CVERecord?id=CVE-2015-3294