CVE-2015-3294

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2015-3294
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

6.4 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:L/Au:N/C:P/I:N/A:P

Exploitability : 10.0 / Impact : 4.9

Access Vector NETWORK

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html Exploit
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html Third Party Advisory
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8
http://www.debian.org/security/2015/dsa-3251 Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory
http://www.securityfocus.com/archive/1/535354/100/1100/threaded
http://www.securityfocus.com/bid/74452
http://www.securitytracker.com/id/1032195
http://www.ubuntu.com/usn/USN-2593-1 Vendor Advisory
https://security.gentoo.org/glsa/201512-01
http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html Exploit
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html Third Party Advisory
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8
http://www.debian.org/security/2015/dsa-3251 Vendor Advisory
http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html Third Party Advisory
http://www.securityfocus.com/archive/1/535354/100/1100/threaded
http://www.securityfocus.com/bid/74452
http://www.securitytracker.com/id/1032195
http://www.ubuntu.com/usn/USN-2593-1 Vendor Advisory
https://security.gentoo.org/glsa/201512-01
Configurations

Configuration 1 (hide)

cpe:2.3:a:thekelleys:dnsmasq:*:rc3:*:*:*:*:*:*

Configuration 2 (hide)

cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*
History

No history.

Information

Published : 2015-05-08 14:59

Updated : 2025-04-12 10:46

NVD link : CVE-2015-3294

Mitre link : CVE-2015-3294

CVE.ORG link : CVE-2015-3294

JSON object : View

Products Affected

oracle

  • solaris

thekelleys

  • dnsmasq
CWE
CWE-19

Data Processing Errors