Bug 830367 (CVE-2021-45951, CVE-2021-45952, CVE-2021-45953, CVE-2021-45954, CVE-2021-45955, CVE-2021-45956, CVE-2021-45957)

Description Sam James 2022-01-01 02:00:23 UTC

CVE-2021-45957 (https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml):

Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (called from FuzzAnswerTheRequest and fuzz_rfc1035.c).

CVE-2021-45956 (https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml):

Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply).

CVE-2021-45955 (https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml):

Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called from FuzzResizePacket and fuzz_rfc1035.c).

CVE-2021-45954 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861):

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth).

CVE-2021-45953 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858):

Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from hash_questions and fuzz_util.c).

CVE-2021-45952 (https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870):

Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called from dhcp_packet and FuzzDhcp).

CVE-2021-45951 (https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml):

Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (called from check_for_bogus_wildcard and FuzzCheckForBogusWildcard).