Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 867322 (CVE-2022-0934)

Summary: <net-dns/dnsmasq-2.87: write-after-free DoS in dhcpv6
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: CONFIRMED ---    
Severity: minor CC: ajak, chutzpah
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html
Whiteboard: B3 [glsa?]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-08-29 16:30:15 UTC 
CVE-2022-0934 (https://bugzilla.redhat.com/show_bug.cgi?id=2057075):

A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.

Patch: https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39