CVE-2023-28450

Severity

75%

Complexity

39%

Confidentiality

60%

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

CVSS 3.1 Base Score 7.5. CVSS Attack Vector: network. CVSS Attack Complexity: low. CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H).

Overview

First reported 1 year ago

2023-03-15 21:15:00

Last updated 1 year ago

2023-11-07 04:10:00

Affected Software

thekelleys dnsmasq

References

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG

https://capec.mitre.org/data/definitions/495.html

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5

https://thekelleys.org.uk/dnsmasq/doc.html

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG

Release Notes

https://capec.mitre.org/data/definitions/495.html

Not Applicable

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5

Patch

https://thekelleys.org.uk/dnsmasq/doc.html

Product

FEDORA-2023-828bf01834

FEDORA-2023-eeca11a4df

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOG

FEDORA-2023-828bf01834

FEDORA-2023-eeca11a4df

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.