Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2022-0934 (GCVE-0-2022-0934)
Vulnerability from cvelistv5 – Published: 2022-08-29 14:03 – Updated: 2025-11-03 21:45
VLAI
EPSS
Summary
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: partial
CISA Coordinator (v2.0.3)
CWE
- CWE-416 - - Use After Free
Assigner
References
5 references
| URL | Tags |
|---|---|
| https://bugzilla.redhat.com/show_bug.cgi?id=2057075 | x_refsource_MISC |
| https://lists.thekelleys.org.uk/pipermail/dnsmasq… | x_refsource_MISC |
| https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3… | x_refsource_MISC |
| https://access.redhat.com/security/cve/CVE-2022-0934 | x_refsource_MISC |
| https://lists.debian.org/debian-lts-announce/2024… |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-03T21:45:45.666Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0934"
},
{
"url": "https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html"
}
],
"title": "CVE Program Container"
},
{
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
{
"other": {
"content": {
"id": "CVE-2022-0934",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-06-10T13:19:58.915127Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-06-10T13:21:02.426Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "dnsmasq",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "Not-Known"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-416",
"description": "CWE-416 - Use After Free",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-29T14:03:02.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://access.redhat.com/security/cve/CVE-2022-0934"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2022-0934",
"datePublished": "2022-08-29T14:03:02.000Z",
"dateReserved": "2022-03-11T00:00:00.000Z",
"dateUpdated": "2025-11-03T21:45:45.666Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2022-0934",
"date": "2026-06-05",
"epss": "0.00019",
"percentile": "0.05391"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.87\", \"matchCriteriaId\": \"D7313DE5-EF30-46AC-81F4-5F28B7F2F1AA\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"F4CFF558-3C47-480D-A2F0-BABF26042943\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.\"}, {\"lang\": \"es\", \"value\": \"En dnsmasq ha sido encontrado un fallo de escritura/uso de memoria previamente liberada de un byte no arbitrario. Este fallo permite a un atacante que env\\u00ede un paquete dise\\u00f1ado procesado por dnsmasq, causando potencialmente una denegaci\\u00f3n de servicio\"}]",
"id": "CVE-2022-0934",
"lastModified": "2024-11-21T06:39:41.650",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
"published": "2022-08-29T15:15:10.087",
"references": "[{\"url\": \"https://access.redhat.com/security/cve/CVE-2022-0934\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2057075\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Broken Link\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-0934\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2057075\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Vendor Advisory\"]}, {\"url\": \"https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Broken Link\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-416\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2022-0934\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2022-08-29T15:15:10.087\",\"lastModified\":\"2025-11-03T22:15:55.280\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.\"},{\"lang\":\"es\",\"value\":\"En dnsmasq ha sido encontrado un fallo de escritura/uso de memoria previamente liberada de un byte no arbitrario. Este fallo permite a un atacante que env\u00ede un paquete dise\u00f1ado procesado por dnsmasq, causando potencialmente una denegaci\u00f3n de servicio\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6},{\"source\":\"134c704f-9b21-4f2e-91b3-4a467353bcc0\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-416\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.87\",\"matchCriteriaId\":\"D7313DE5-EF30-46AC-81F4-5F28B7F2F1AA\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"F4CFF558-3C47-480D-A2F0-BABF26042943\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"7F6FB57C-2BC7-487C-96DD-132683AEB35D\"}]}]}],\"references\":[{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-0934\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2057075\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Broken Link\"]},{\"url\":\"https://access.redhat.com/security/cve/CVE-2022-0934\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=2057075\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Vendor Advisory\"]},{\"url\":\"https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Broken Link\"]}]}}",
"vulnrichment": {
"containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2057075\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-0934\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html\"}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2025-11-03T21:45:45.666Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.5, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"integrityImpact\": \"NONE\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"NONE\"}}, {\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2022-0934\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-06-10T13:19:58.915127Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-06-10T13:20:25.004Z\"}}], \"cna\": {\"affected\": [{\"vendor\": \"n/a\", \"product\": \"dnsmasq\", \"versions\": [{\"status\": \"affected\", \"version\": \"Not-Known\"}]}], \"references\": [{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=2057075\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=03345ecefeb0d82e3c3a4c28f27c3554f0611b39\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://access.redhat.com/security/cve/CVE-2022-0934\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-416\", \"description\": \"CWE-416 - Use After Free\"}]}], \"providerMetadata\": {\"orgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"shortName\": \"redhat\", \"dateUpdated\": \"2022-08-29T14:03:02.000Z\"}}}",
"cveMetadata": "{\"cveId\": \"CVE-2022-0934\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-11-03T21:45:45.666Z\", \"dateReserved\": \"2022-03-11T00:00:00.000Z\", \"assignerOrgId\": \"53f830b8-0a3f-465b-8143-3b8a9948e749\", \"datePublished\": \"2022-08-29T14:03:02.000Z\", \"assignerShortName\": \"redhat\"}",
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
}
}
MSRC_CVE-2022-0934
Vulnerability from csaf_microsoft - Published: 2022-08-02 00:00 - Updated: 2023-03-08 00:00Summary
A single-byte non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq potentially causing a denial of service.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2022/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2022-0934 A single-byte non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq potentially causing a denial of service. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-0934.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "A single-byte non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq potentially causing a denial of service.",
"tracking": {
"current_release_date": "2023-03-08T00:00:00.000Z",
"generator": {
"date": "2025-10-19T23:51:07.209Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2022-0934",
"initial_release_date": "2022-08-02T00:00:00.000Z",
"revision_history": [
{
"date": "2023-03-08T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "2.0",
"product": {
"name": "CBL Mariner 2.0",
"product_id": "17086"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccbl2 dnsmasq 2.89-1",
"product": {
"name": "\u003ccbl2 dnsmasq 2.89-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cbl2 dnsmasq 2.89-1",
"product": {
"name": "cbl2 dnsmasq 2.89-1",
"product_id": "19470"
}
}
],
"category": "product_name",
"name": "dnsmasq"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccbl2 dnsmasq 2.89-1 as a component of CBL Mariner 2.0",
"product_id": "17086-1"
},
"product_reference": "1",
"relates_to_product_reference": "17086"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cbl2 dnsmasq 2.89-1 as a component of CBL Mariner 2.0",
"product_id": "19470-17086"
},
"product_reference": "19470",
"relates_to_product_reference": "17086"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0934",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19470-17086"
],
"known_affected": [
"17086-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2022-0934 A single-byte non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq potentially causing a denial of service. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2022/msrc_cve-2022-0934.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2023-03-08T00:00:00.000Z",
"details": "2.89-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"17086-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"environmentalsScore": 0.0,
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 7.5,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"17086-1"
]
}
],
"title": "A single-byte non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq potentially causing a denial of service."
}
]
}
OPENSUSE-SU-2024:11998-1
Vulnerability from csaf_opensuse - Published: 2024-06-15 00:00 - Updated: 2024-06-15 00:00Summary
dnsmasq-2.86-4.1 on GA media
Severity
Moderate
Notes
Title of the patch: dnsmasq-2.86-4.1 on GA media
Description of the patch: These are all security issues fixed in the dnsmasq-2.86-4.1 package on the GA media of openSUSE Tumbleweed.
Patchnames: openSUSE-Tumbleweed-2024-11998
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
6.5 (Medium)
Affected products
Recommended
8 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Tumbleweed:dnsmasq-2.86-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsmasq-2.86-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsmasq-2.86-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsmasq-2.86-4.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
5 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "dnsmasq-2.86-4.1 on GA media",
"title": "Title of the patch"
},
{
"category": "description",
"text": "These are all security issues fixed in the dnsmasq-2.86-4.1 package on the GA media of openSUSE Tumbleweed.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-Tumbleweed-2024-11998",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2024_11998-1.json"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0934 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0934/"
}
],
"title": "dnsmasq-2.86-4.1 on GA media",
"tracking": {
"current_release_date": "2024-06-15T00:00:00Z",
"generator": {
"date": "2024-06-15T00:00:00Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2024:11998-1",
"initial_release_date": "2024-06-15T00:00:00Z",
"revision_history": [
{
"date": "2024-06-15T00:00:00Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.86-4.1.aarch64",
"product": {
"name": "dnsmasq-2.86-4.1.aarch64",
"product_id": "dnsmasq-2.86-4.1.aarch64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.86-4.1.aarch64",
"product": {
"name": "dnsmasq-utils-2.86-4.1.aarch64",
"product_id": "dnsmasq-utils-2.86-4.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.86-4.1.ppc64le",
"product": {
"name": "dnsmasq-2.86-4.1.ppc64le",
"product_id": "dnsmasq-2.86-4.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.86-4.1.ppc64le",
"product": {
"name": "dnsmasq-utils-2.86-4.1.ppc64le",
"product_id": "dnsmasq-utils-2.86-4.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.86-4.1.s390x",
"product": {
"name": "dnsmasq-2.86-4.1.s390x",
"product_id": "dnsmasq-2.86-4.1.s390x"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.86-4.1.s390x",
"product": {
"name": "dnsmasq-utils-2.86-4.1.s390x",
"product_id": "dnsmasq-utils-2.86-4.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.86-4.1.x86_64",
"product": {
"name": "dnsmasq-2.86-4.1.x86_64",
"product_id": "dnsmasq-2.86-4.1.x86_64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.86-4.1.x86_64",
"product": {
"name": "dnsmasq-utils-2.86-4.1.x86_64",
"product_id": "dnsmasq-utils-2.86-4.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Tumbleweed",
"product": {
"name": "openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:tumbleweed"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.86-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsmasq-2.86-4.1.aarch64"
},
"product_reference": "dnsmasq-2.86-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.86-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsmasq-2.86-4.1.ppc64le"
},
"product_reference": "dnsmasq-2.86-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.86-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsmasq-2.86-4.1.s390x"
},
"product_reference": "dnsmasq-2.86-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.86-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsmasq-2.86-4.1.x86_64"
},
"product_reference": "dnsmasq-2.86-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.86-4.1.aarch64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.aarch64"
},
"product_reference": "dnsmasq-utils-2.86-4.1.aarch64",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.86-4.1.ppc64le as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.ppc64le"
},
"product_reference": "dnsmasq-utils-2.86-4.1.ppc64le",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.86-4.1.s390x as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.s390x"
},
"product_reference": "dnsmasq-utils-2.86-4.1.s390x",
"relates_to_product_reference": "openSUSE Tumbleweed"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.86-4.1.x86_64 as component of openSUSE Tumbleweed",
"product_id": "openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.x86_64"
},
"product_reference": "dnsmasq-utils-2.86-4.1.x86_64",
"relates_to_product_reference": "openSUSE Tumbleweed"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2022-0934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0934"
}
],
"notes": [
{
"category": "general",
"text": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.aarch64",
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.ppc64le",
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.s390x",
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.x86_64",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.aarch64",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.ppc64le",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.s390x",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0934",
"url": "https://www.suse.com/security/cve/CVE-2022-0934"
},
{
"category": "external",
"summary": "SUSE Bug 1197872 for CVE-2022-0934",
"url": "https://bugzilla.suse.com/1197872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.aarch64",
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.ppc64le",
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.s390x",
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.x86_64",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.aarch64",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.ppc64le",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.s390x",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.aarch64",
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.ppc64le",
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.s390x",
"openSUSE Tumbleweed:dnsmasq-2.86-4.1.x86_64",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.aarch64",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.ppc64le",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.s390x",
"openSUSE Tumbleweed:dnsmasq-utils-2.86-4.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2024-06-15T00:00:00Z",
"details": "moderate"
}
],
"title": "CVE-2022-0934"
}
]
}
RHSA-2022:7633
Vulnerability from csaf_redhat - Published: 2022-11-08 10:16 - Updated: 2026-01-27 09:14Summary
Red Hat Security Advisory: dnsmasq security and bug fix update
Severity
Moderate
Notes
Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
12 references
Acknowledgments
Trellix Threat Labs
Richard Johnson
Red Hat, Inc.
Petr Menšík
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7633",
"url": "https://access.redhat.com/errata/RHSA-2022:7633"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"category": "external",
"summary": "2049691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049691"
},
{
"category": "external",
"summary": "2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "2120357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120357"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7633.json"
}
],
"title": "Red Hat Security Advisory: dnsmasq security and bug fix update",
"tracking": {
"current_release_date": "2026-01-27T09:14:02+00:00",
"generator": {
"date": "2026-01-27T09:14:02+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2022:7633",
"initial_release_date": "2022-11-08T10:16:42+00:00",
"revision_history": [
{
"date": "2022-11-08T10:16:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-08T10:16:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-27T09:14:02+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.src",
"product": {
"name": "dnsmasq-0:2.79-24.el8.src",
"product_id": "dnsmasq-0:2.79-24.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-utils-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-utils-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-24.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-24.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-24.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-24.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-utils-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-utils-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-24.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-24.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-24.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-24.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-utils-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-utils-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-24.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-24.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-24.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-24.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-utils-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-utils-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-24.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-debugsource-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-24.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-24.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-24.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src"
},
"product_reference": "dnsmasq-0:2.79-24.el8.src",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-debugsource-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-utils-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-utils-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-utils-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-utils-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Richard Johnson"
],
"organization": "Trellix Threat Labs"
},
{
"names": [
"Petr Men\u0161\u00edk"
],
"organization": "Red Hat, Inc.",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-0934",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057075"
}
],
"notes": [
{
"category": "description",
"text": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: Heap use after free in dhcp6_no_relay",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw was set to Moderate because this is a 1-byte out-of-bounds write/use-after-free issue where the attacker does not control the data written (it is predefined in a header file). The highest impact is only to availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0934"
},
{
"category": "external",
"summary": "RHBZ#2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html"
}
],
"release_date": "2022-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:16:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7633"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: Heap use after free in dhcp6_no_relay"
}
]
}
RHSA-2022:8070
Vulnerability from csaf_redhat - Published: 2022-11-15 12:39 - Updated: 2026-01-27 09:13Summary
Red Hat Security Advisory: dnsmasq security and bug fix update
Severity
Moderate
Notes
Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
11 references
Acknowledgments
Trellix Threat Labs
Richard Johnson
Red Hat, Inc.
Petr Menšík
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8070",
"url": "https://access.redhat.com/errata/RHSA-2022:8070"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"category": "external",
"summary": "2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "2120711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8070.json"
}
],
"title": "Red Hat Security Advisory: dnsmasq security and bug fix update",
"tracking": {
"current_release_date": "2026-01-27T09:13:58+00:00",
"generator": {
"date": "2026-01-27T09:13:58+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.6.16"
}
},
"id": "RHSA-2022:8070",
"initial_release_date": "2022-11-15T12:39:57+00:00",
"revision_history": [
{
"date": "2022-11-15T12:39:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-15T12:39:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-01-27T09:13:58+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.src",
"product": {
"name": "dnsmasq-0:2.85-5.el9.src",
"product_id": "dnsmasq-0:2.85-5.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-utils-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-utils-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-5.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-utils-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-utils-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-5.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-utils-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-utils-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-5.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-utils-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-utils-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-debugsource-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-5.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src"
},
"product_reference": "dnsmasq-0:2.85-5.el9.src",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-debugsource-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-utils-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-utils-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-utils-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-utils-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Richard Johnson"
],
"organization": "Trellix Threat Labs"
},
{
"names": [
"Petr Men\u0161\u00edk"
],
"organization": "Red Hat, Inc.",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-0934",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057075"
}
],
"notes": [
{
"category": "description",
"text": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: Heap use after free in dhcp6_no_relay",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw was set to Moderate because this is a 1-byte out-of-bounds write/use-after-free issue where the attacker does not control the data written (it is predefined in a header file). The highest impact is only to availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0934"
},
{
"category": "external",
"summary": "RHBZ#2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html"
}
],
"release_date": "2022-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T12:39:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8070"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: Heap use after free in dhcp6_no_relay"
}
]
}
RHSA-2022_7633
Vulnerability from csaf_redhat - Published: 2022-11-08 10:16 - Updated: 2024-11-22 19:14Summary
Red Hat Security Advisory: dnsmasq security and bug fix update
Severity
Moderate
Notes
Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
12 references
Acknowledgments
Trellix Threat Labs
Richard Johnson
Red Hat, Inc.
Petr Menšík
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 8.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 8.7 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:7633",
"url": "https://access.redhat.com/errata/RHSA-2022:7633"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/8.7_release_notes/index"
},
{
"category": "external",
"summary": "2049691",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2049691"
},
{
"category": "external",
"summary": "2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "2120357",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120357"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_7633.json"
}
],
"title": "Red Hat Security Advisory: dnsmasq security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T19:14:12+00:00",
"generator": {
"date": "2024-11-22T19:14:12+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:7633",
"initial_release_date": "2022-11-08T10:16:42+00:00",
"revision_history": [
{
"date": "2022-11-08T10:16:42+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-08T10:16:42+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:14:12+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:8::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.src",
"product": {
"name": "dnsmasq-0:2.79-24.el8.src",
"product_id": "dnsmasq-0:2.79-24.el8.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-utils-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-utils-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-24.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-24.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-24.el8?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-24.el8?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-utils-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-utils-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-24.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-24.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-24.el8?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-24.el8?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-utils-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-utils-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-24.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-24.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-24.el8?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-24.el8?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-24.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-utils-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-utils-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-24.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-debugsource-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-24.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-24.el8?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-24.el8?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.src as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src"
},
"product_reference": "dnsmasq-0:2.79-24.el8.src",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-debugsource-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-utils-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-utils-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-utils-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-utils-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"relates_to_product_reference": "AppStream-8.7.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 8)",
"product_id": "AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64",
"relates_to_product_reference": "AppStream-8.7.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Richard Johnson"
],
"organization": "Trellix Threat Labs"
},
{
"names": [
"Petr Men\u0161\u00edk"
],
"organization": "Red Hat, Inc.",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-0934",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057075"
}
],
"notes": [
{
"category": "description",
"text": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: Heap use after free in dhcp6_no_relay",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw was set to Moderate because this is a 1-byte out-of-bounds write/use-after-free issue where the attacker does not control the data written (it is predefined in a header file). The highest impact is only to availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0934"
},
{
"category": "external",
"summary": "RHBZ#2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html"
}
],
"release_date": "2022-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-08T10:16:42+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:7633"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.src",
"AppStream-8.7.0.GA:dnsmasq-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debuginfo-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-debugsource-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-0:2.79-24.el8.x86_64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.aarch64",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.ppc64le",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.s390x",
"AppStream-8.7.0.GA:dnsmasq-utils-debuginfo-0:2.79-24.el8.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: Heap use after free in dhcp6_no_relay"
}
]
}
RHSA-2022_8070
Vulnerability from csaf_redhat - Published: 2022-11-15 12:39 - Updated: 2024-11-22 19:14Summary
Red Hat Security Advisory: dnsmasq security and bug fix update
Severity
Moderate
Notes
Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 9.
Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fix(es):
* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Additional Changes:
For detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
References
11 references
Acknowledgments
Trellix Threat Labs
Richard Johnson
Red Hat, Inc.
Petr Menšík
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Moderate"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 9.\n\nRed Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The dnsmasq packages contain Dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fix(es):\n\n* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.\n\nAdditional Changes:\n\nFor detailed information on changes in this release, see the Red Hat Enterprise Linux 9.1 Release Notes linked from the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2022:8070",
"url": "https://access.redhat.com/errata/RHSA-2022:8070"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#moderate",
"url": "https://access.redhat.com/security/updates/classification/#moderate"
},
{
"category": "external",
"summary": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index",
"url": "https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/9/html/9.1_release_notes/index"
},
{
"category": "external",
"summary": "2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "2120711",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2120711"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2022/rhsa-2022_8070.json"
}
],
"title": "Red Hat Security Advisory: dnsmasq security and bug fix update",
"tracking": {
"current_release_date": "2024-11-22T19:14:20+00:00",
"generator": {
"date": "2024-11-22T19:14:20+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.1"
}
},
"id": "RHSA-2022:8070",
"initial_release_date": "2022-11-15T12:39:57+00:00",
"revision_history": [
{
"date": "2022-11-15T12:39:57+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2022-11-15T12:39:57+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-11-22T19:14:20+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product": {
"name": "Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:enterprise_linux:9::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.src",
"product": {
"name": "dnsmasq-0:2.85-5.el9.src",
"product_id": "dnsmasq-0:2.85-5.el9.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-utils-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-utils-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-5.el9?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-5.el9?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-utils-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-utils-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-5.el9?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-5.el9?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-utils-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-utils-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-5.el9?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-5.el9?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.85-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-utils-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-utils-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.85-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-debugsource-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.85-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.85-5.el9?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"product_id": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.85-5.el9?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.src as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src"
},
"product_reference": "dnsmasq-0:2.85-5.el9.src",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-debugsource-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-utils-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-utils-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-utils-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-utils-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"relates_to_product_reference": "AppStream-9.1.0.GA"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64 as a component of Red Hat Enterprise Linux AppStream (v. 9)",
"product_id": "AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64",
"relates_to_product_reference": "AppStream-9.1.0.GA"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Richard Johnson"
],
"organization": "Trellix Threat Labs"
},
{
"names": [
"Petr Men\u0161\u00edk"
],
"organization": "Red Hat, Inc.",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-0934",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057075"
}
],
"notes": [
{
"category": "description",
"text": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: Heap use after free in dhcp6_no_relay",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw was set to Moderate because this is a 1-byte out-of-bounds write/use-after-free issue where the attacker does not control the data written (it is predefined in a header file). The highest impact is only to availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0934"
},
{
"category": "external",
"summary": "RHBZ#2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html"
}
],
"release_date": "2022-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2022-11-15T12:39:57+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2022:8070"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.src",
"AppStream-9.1.0.GA:dnsmasq-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debuginfo-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-debugsource-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-0:2.85-5.el9.x86_64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.aarch64",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.ppc64le",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.s390x",
"AppStream-9.1.0.GA:dnsmasq-utils-debuginfo-0:2.85-5.el9.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: Heap use after free in dhcp6_no_relay"
}
]
}
RHSA-2024:1545
Vulnerability from csaf_redhat - Published: 2024-03-27 15:12 - Updated: 2026-04-30 13:16Summary
Red Hat Security Advisory: dnsmasq security update
Severity
Important
Notes
Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The dnsmasq packages contain dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fixes:
* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)
* dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 (CVE-2023-28450)
* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSEC validation is enabled.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
29 references
Acknowledgments
Trellix Threat Labs
Richard Johnson
Red Hat, Inc.
Petr Menšík
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The dnsmasq packages contain dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fixes:\n\n* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)\n\n* dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 (CVE-2023-28450)\n\n* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)\n\n* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1545",
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "2178948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178948"
},
{
"category": "external",
"summary": "2263914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263914"
},
{
"category": "external",
"summary": "2263917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263917"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1545.json"
}
],
"title": "Red Hat Security Advisory: dnsmasq security update",
"tracking": {
"current_release_date": "2026-04-30T13:16:26+00:00",
"generator": {
"date": "2026-04-30T13:16:26+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.7.7"
}
},
"id": "RHSA-2024:1545",
"initial_release_date": "2024-03-27T15:12:39+00:00",
"revision_history": [
{
"date": "2024-03-27T15:12:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-27T15:12:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2026-04-30T13:16:26+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.src",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.src",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-21.el8_6.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-21.el8_6.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-21.el8_6.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-21.el8_6.5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-21.el8_6.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-21.el8_6.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-21.el8_6.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-21.el8_6.5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-21.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-21.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-21.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-21.el8_6.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-21.el8_6.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-21.el8_6.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-21.el8_6.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-21.el8_6.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Richard Johnson"
],
"organization": "Trellix Threat Labs"
},
{
"names": [
"Petr Men\u0161\u00edk"
],
"organization": "Red Hat, Inc.",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-0934",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057075"
}
],
"notes": [
{
"category": "description",
"text": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: Heap use after free in dhcp6_no_relay",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw was set to Moderate because this is a 1-byte out-of-bounds write/use-after-free issue where the attacker does not control the data written (it is predefined in a header file). The highest impact is only to availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0934"
},
{
"category": "external",
"summary": "RHBZ#2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html"
}
],
"release_date": "2022-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T15:12:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: Heap use after free in dhcp6_no_relay"
},
{
"cve": "CVE-2023-28450",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a theoretical disruption of the availability of the service, but doesn\u2019t directly compromise data integrity or confidentiality. This theoretical disruption would require an attacker to be able to induce IP fragmentation during transmission and can be mitigated with a simple configuration change in any affected version. A successful attack would require significant target specific preparation and the ability to act as a man-in-the-middle or control the path MTU of the authoritative DNS server. Additionally, this CVE is easily remediated by setting the edns-packet-max value to 1232 in the dnsmasq configuration.\n\nThe changes made for DNS Flag Day 2020 were primarily related to improving service reliability in order to make sure that DNS servers do not experience transmission failures due to IP fragmentation over networks of unknown MTU configurations. This change of the default maximum EDNS Buffer Size was coordinated so that default configurations of DNS services would provide more reliable default settings as well as avoid attacks on DNS services that can only be made possible when UDP packets are fragmented in transit. For example, if the DNS Query ID and UDP port are carried in the first IP fragment, an attacker could spoof the second fragment and poison the DNS cache by swapping the subsequent good IP fragments with their own. \n\nBy using a default maximum EDNS value of 1232 (the largest value found to avoids fragmentation on nearly all modern networks) and relying on TCP for DNS queries with larger responses, IP Fragmentation issues can be reliably avoided with the default dnsmasq configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28450"
},
{
"category": "external",
"summary": "RHBZ#2178948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28450"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-vgrx-vhjf-p7wv",
"url": "https://github.com/advisories/GHSA-vgrx-vhjf-p7wv"
}
],
"release_date": "2023-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T15:12:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
},
{
"category": "workaround",
"details": "Systems that can not be updated can still configure dnsmasq to use the recommended maximum EDNS value by setting edns-packet-max=1232 in the dnsmasq configuration.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232"
},
{
"cve": "CVE-2023-50387",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263914"
}
],
"notes": [
{
"category": "description",
"text": "Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side.\r\n\r\nThis vulnerability applies only for systems where DNSSEC validation is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in DNSSEC-validating resolvers is of important severity because it can lead to uncontrolled CPU consumption, resulting in a Denial of Service (DoS). By exploiting this flaw, attackers can send specially crafted DNS responses that cause the resolver to enter a state of excessive resource utilization. This can severely impact the availability and performance of DNS services, affecting not only the targeted resolver but potentially cascading to other dependent systems and services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-50387"
},
{
"category": "external",
"summary": "RHBZ#2263914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387"
},
{
"category": "external",
"summary": "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released",
"url": "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released"
},
{
"category": "external",
"summary": "https://kb.isc.org/docs/cve-2023-50387",
"url": "https://kb.isc.org/docs/cve-2023-50387"
},
{
"category": "external",
"summary": "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html",
"url": "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html"
}
],
"release_date": "2024-02-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T15:12:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator"
},
{
"cve": "CVE-2023-50868",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263917"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host.\r\n\r\nThis vulnerability applies only for systems where DNSSEC validation is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in BIND9 that leads to CPU exhaustion through a flood of DNSSEC responses with NSEC3 signatures is a important severity issue due to its potential to induce a Denial of Service (DoS) condition on affected resolvers. By exploiting this flaw, an attacker can overwhelm a DNSSEC-enabled resolver with computationally intensive tasks, depleting CPU resources and disrupting normal DNS operations. This can result in significant service outages, affecting the resolver\u0027s ability to process legitimate DNS queries and thereby compromising network availability and reliability. The impact is exacerbated in high-traffic environments or where DNSSEC validation is extensively employed, making prompt remediation essential to prevent operational disruptions and maintain DNS infrastructure integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-50868"
},
{
"category": "external",
"summary": "RHBZ#2263917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263917"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-50868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50868"
},
{
"category": "external",
"summary": "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released",
"url": "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released"
},
{
"category": "external",
"summary": "https://kb.isc.org/docs/cve-2023-50868",
"url": "https://kb.isc.org/docs/cve-2023-50868"
},
{
"category": "external",
"summary": "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html",
"url": "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html"
}
],
"release_date": "2024-02-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T15:12:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources"
}
]
}
RHSA-2024_1545
Vulnerability from csaf_redhat - Published: 2024-03-27 15:12 - Updated: 2024-12-12 14:17Summary
Red Hat Security Advisory: dnsmasq security update
Severity
Important
Notes
Topic: An update for dnsmasq is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.
Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Details: The dnsmasq packages contain dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.
Security Fixes:
* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)
* dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 (CVE-2023-28450)
* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)
* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)
For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.
Terms of Use: This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.
A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
|
Threats
Impact
Moderate
A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Moderate
Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side. This vulnerability applies only for systems where DNSSEC validation is enabled.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host. This vulnerability applies only for systems where DNSSEC validation is enabled.
7.5 (High)
Affected products
Fixed
21 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x | — |
Vendor Fix
fix
Workaround
|
|
| Unresolved product id: AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 | — |
Vendor Fix
fix
Workaround
|
Threats
Impact
Important
References
29 references
Acknowledgments
Trellix Threat Labs
Richard Johnson
Red Hat, Inc.
Petr Menšík
{
"document": {
"aggregate_severity": {
"namespace": "https://access.redhat.com/security/updates/classification/",
"text": "Important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright \u00a9 Red Hat, Inc. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "An update for dnsmasq is now available for Red Hat Enterprise Linux 8.6 Extended Update Support.\n\nRed Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.",
"title": "Topic"
},
{
"category": "general",
"text": "The dnsmasq packages contain dnsmasq, a lightweight DNS (Domain Name Server) forwarder and DHCP (Dynamic Host Configuration Protocol) server.\n\nSecurity Fixes:\n\n* dnsmasq: Heap use after free in dhcp6_no_relay (CVE-2022-0934)\n\n* dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 (CVE-2023-28450)\n\n* dnsmasq: bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator (CVE-2023-50387)\n\n* dnsmasq: bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources (CVE-2023-50868)\n\nFor more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.",
"title": "Details"
},
{
"category": "legal_disclaimer",
"text": "This content is licensed under the Creative Commons Attribution 4.0 International License (https://creativecommons.org/licenses/by/4.0/). If you distribute this content, or a modified version of it, you must provide attribution to Red Hat Inc. and provide a link to the original.",
"title": "Terms of Use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://access.redhat.com/security/team/contact/",
"issuing_authority": "Red Hat Product Security is responsible for vulnerability handling across all Red Hat products and services.",
"name": "Red Hat Product Security",
"namespace": "https://www.redhat.com"
},
"references": [
{
"category": "self",
"summary": "https://access.redhat.com/errata/RHSA-2024:1545",
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
},
{
"category": "external",
"summary": "https://access.redhat.com/security/updates/classification/#important",
"url": "https://access.redhat.com/security/updates/classification/#important"
},
{
"category": "external",
"summary": "2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "2178948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178948"
},
{
"category": "external",
"summary": "2263914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263914"
},
{
"category": "external",
"summary": "2263917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263917"
},
{
"category": "self",
"summary": "Canonical URL",
"url": "https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1545.json"
}
],
"title": "Red Hat Security Advisory: dnsmasq security update",
"tracking": {
"current_release_date": "2024-12-12T14:17:01+00:00",
"generator": {
"date": "2024-12-12T14:17:01+00:00",
"engine": {
"name": "Red Hat SDEngine",
"version": "4.2.3"
}
},
"id": "RHSA-2024:1545",
"initial_release_date": "2024-03-27T15:12:39+00:00",
"revision_history": [
{
"date": "2024-03-27T15:12:39+00:00",
"number": "1",
"summary": "Initial version"
},
{
"date": "2024-03-27T15:12:39+00:00",
"number": "2",
"summary": "Last updated version"
},
{
"date": "2024-12-12T14:17:01+00:00",
"number": "3",
"summary": "Last generated version"
}
],
"status": "final",
"version": "3"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_name",
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product": {
"name": "Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS",
"product_identification_helper": {
"cpe": "cpe:/a:redhat:rhel_eus:8.6::appstream"
}
}
}
],
"category": "product_family",
"name": "Red Hat Enterprise Linux"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.src",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.src",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.src",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=src"
}
}
}
],
"category": "architecture",
"name": "src"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-21.el8_6.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-21.el8_6.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-21.el8_6.5?arch=aarch64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-21.el8_6.5?arch=aarch64"
}
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-21.el8_6.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-21.el8_6.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-21.el8_6.5?arch=ppc64le"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-21.el8_6.5?arch=ppc64le"
}
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-21.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-21.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-21.el8_6.5?arch=x86_64"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-21.el8_6.5?arch=x86_64"
}
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq@2.79-21.el8_6.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils@2.79-21.el8_6.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debugsource@2.79-21.el8_6.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-debuginfo@2.79-21.el8_6.5?arch=s390x"
}
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"product": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"product_id": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"product_identification_helper": {
"purl": "pkg:rpm/redhat/dnsmasq-utils-debuginfo@2.79-21.el8_6.5?arch=s390x"
}
}
}
],
"category": "architecture",
"name": "s390x"
}
],
"category": "vendor",
"name": "Red Hat"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.src as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.src",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64 as a component of Red Hat Enterprise Linux AppStream EUS (v.8.6)",
"product_id": "AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
},
"product_reference": "dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64",
"relates_to_product_reference": "AppStream-8.6.0.Z.EUS"
}
]
},
"vulnerabilities": [
{
"acknowledgments": [
{
"names": [
"Richard Johnson"
],
"organization": "Trellix Threat Labs"
},
{
"names": [
"Petr Men\u0161\u00edk"
],
"organization": "Red Hat, Inc.",
"summary": "This issue was discovered by Red Hat."
}
],
"cve": "CVE-2022-0934",
"cwe": {
"id": "CWE-416",
"name": "Use After Free"
},
"discovery_date": "2022-02-21T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2057075"
}
],
"notes": [
{
"category": "description",
"text": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: Heap use after free in dhcp6_no_relay",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this flaw was set to Moderate because this is a 1-byte out-of-bounds write/use-after-free issue where the attacker does not control the data written (it is predefined in a header file). The highest impact is only to availability.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2022-0934"
},
{
"category": "external",
"summary": "RHBZ#2057075",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2057075"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2022-0934",
"url": "https://www.cve.org/CVERecord?id=CVE-2022-0934"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2022-0934"
},
{
"category": "external",
"summary": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html",
"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html"
}
],
"release_date": "2022-03-28T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T15:12:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: Heap use after free in dhcp6_no_relay"
},
{
"cve": "CVE-2023-28450",
"cwe": {
"id": "CWE-770",
"name": "Allocation of Resources Without Limits or Throttling"
},
"discovery_date": "2023-03-16T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2178948"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in Dnsmasq. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The severity of this vulnerability is not important but moderate because exploiting the vulnerability can lead to a theoretical disruption of the availability of the service, but doesn\u2019t directly compromise data integrity or confidentiality. This theoretical disruption would require an attacker to be able to induce IP fragmentation during transmission and can be mitigated with a simple configuration change in any affected version. A successful attack would require significant target specific preparation and the ability to act as a man-in-the-middle or control the path MTU of the authoritative DNS server. Additionally, this CVE is easily remediated by setting the edns-packet-max value to 1232 in the dnsmasq configuration.\n\nThe changes made for DNS Flag Day 2020 were primarily related to improving service reliability in order to make sure that DNS servers do not experience transmission failures due to IP fragmentation over networks of unknown MTU configurations. This change of the default maximum EDNS Buffer Size was coordinated so that default configurations of DNS services would provide more reliable default settings as well as avoid attacks on DNS services that can only be made possible when UDP packets are fragmented in transit. For example, if the DNS Query ID and UDP port are carried in the first IP fragment, an attacker could spoof the second fragment and poison the DNS cache by swapping the subsequent good IP fragments with their own. \n\nBy using a default maximum EDNS value of 1232 (the largest value found to avoids fragmentation on nearly all modern networks) and relying on TCP for DNS queries with larger responses, IP Fragmentation issues can be reliably avoided with the default dnsmasq configuration.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-28450"
},
{
"category": "external",
"summary": "RHBZ#2178948",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2178948"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-28450",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-28450"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-28450",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-28450"
},
{
"category": "external",
"summary": "https://github.com/advisories/GHSA-vgrx-vhjf-p7wv",
"url": "https://github.com/advisories/GHSA-vgrx-vhjf-p7wv"
}
],
"release_date": "2023-03-15T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T15:12:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
},
{
"category": "workaround",
"details": "Systems that can not be updated can still configure dnsmasq to use the recommended maximum EDNS value by setting edns-packet-max=1232 in the dnsmasq configuration.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Moderate"
}
],
"title": "dnsmasq: default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232"
},
{
"cve": "CVE-2023-50387",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263914"
}
],
"notes": [
{
"category": "description",
"text": "Processing specially crafted responses coming from DNSSEC-signed zones can lead to uncontrolled CPU usage, leading to a Denial of Service in the DNSSEC-validating resolver side.\r\n\r\nThis vulnerability applies only for systems where DNSSEC validation is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "This vulnerability in DNSSEC-validating resolvers is of important severity because it can lead to uncontrolled CPU consumption, resulting in a Denial of Service (DoS). By exploiting this flaw, attackers can send specially crafted DNS responses that cause the resolver to enter a state of excessive resource utilization. This can severely impact the availability and performance of DNS services, affecting not only the targeted resolver but potentially cascading to other dependent systems and services.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-50387"
},
{
"category": "external",
"summary": "RHBZ#2263914",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263914"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-50387",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50387"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50387"
},
{
"category": "external",
"summary": "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released",
"url": "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released"
},
{
"category": "external",
"summary": "https://kb.isc.org/docs/cve-2023-50387",
"url": "https://kb.isc.org/docs/cve-2023-50387"
},
{
"category": "external",
"summary": "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html",
"url": "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html"
}
],
"release_date": "2024-02-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T15:12:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind9: KeyTrap - Extreme CPU consumption in DNSSEC validator"
},
{
"cve": "CVE-2023-50868",
"cwe": {
"id": "CWE-400",
"name": "Uncontrolled Resource Consumption"
},
"discovery_date": "2024-02-12T00:00:00+00:00",
"ids": [
{
"system_name": "Red Hat Bugzilla ID",
"text": "2263917"
}
],
"notes": [
{
"category": "description",
"text": "A flaw was found in bind9. By flooding a DNSSEC resolver with responses coming from a DNSEC-signed zone using NSEC3, an attacker can lead the targeted resolver to a CPU exhaustion, further leading to a Denial of Service on the targeted host.\r\n\r\nThis vulnerability applies only for systems where DNSSEC validation is enabled.",
"title": "Vulnerability description"
},
{
"category": "summary",
"text": "bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources",
"title": "Vulnerability summary"
},
{
"category": "other",
"text": "The vulnerability in BIND9 that leads to CPU exhaustion through a flood of DNSSEC responses with NSEC3 signatures is a important severity issue due to its potential to induce a Denial of Service (DoS) condition on affected resolvers. By exploiting this flaw, an attacker can overwhelm a DNSSEC-enabled resolver with computationally intensive tasks, depleting CPU resources and disrupting normal DNS operations. This can result in significant service outages, affecting the resolver\u0027s ability to process legitimate DNS queries and thereby compromising network availability and reliability. The impact is exacerbated in high-traffic environments or where DNSSEC validation is extensively employed, making prompt remediation essential to prevent operational disruptions and maintain DNS infrastructure integrity.",
"title": "Statement"
},
{
"category": "general",
"text": "The CVSS score(s) listed for this vulnerability do not reflect the associated product\u0027s status, and are included for informational purposes to better understand the severity of this vulnerability.",
"title": "CVSS score applicability"
}
],
"product_status": {
"fixed": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
},
"references": [
{
"category": "self",
"summary": "Canonical URL",
"url": "https://access.redhat.com/security/cve/CVE-2023-50868"
},
{
"category": "external",
"summary": "RHBZ#2263917",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2263917"
},
{
"category": "external",
"summary": "https://www.cve.org/CVERecord?id=CVE-2023-50868",
"url": "https://www.cve.org/CVERecord?id=CVE-2023-50868"
},
{
"category": "external",
"summary": "https://nvd.nist.gov/vuln/detail/CVE-2023-50868",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2023-50868"
},
{
"category": "external",
"summary": "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released",
"url": "https://blog.powerdns.com/2024/02/13/powerdns-recursor-4-8-6-4-9-3-5-0-2-released"
},
{
"category": "external",
"summary": "https://kb.isc.org/docs/cve-2023-50868",
"url": "https://kb.isc.org/docs/cve-2023-50868"
},
{
"category": "external",
"summary": "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html",
"url": "https://www.knot-resolver.cz/2024-02-13-knot-resolver-5.7.1.html"
}
],
"release_date": "2024-02-13T00:00:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"date": "2024-03-27T15:12:39+00:00",
"details": "For details on how to apply this update, which includes the changes described in this advisory, refer to:\n\nhttps://access.redhat.com/articles/11258",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
],
"restart_required": {
"category": "none"
},
"url": "https://access.redhat.com/errata/RHSA-2024:1545"
},
{
"category": "workaround",
"details": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.",
"product_ids": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.src",
"AppStream-8.6.0.Z.EUS:dnsmasq-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debuginfo-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-debugsource-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-0:2.79-21.el8_6.5.x86_64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.aarch64",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.ppc64le",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.s390x",
"AppStream-8.6.0.Z.EUS:dnsmasq-utils-debuginfo-0:2.79-21.el8_6.5.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"details": "Important"
}
],
"title": "bind9: Preparing an NSEC3 closest encloser proof can exhaust CPU resources"
}
]
}
SUSE-SU-2022:1288-1
Vulnerability from csaf_suse - Published: 2022-04-21 12:52 - Updated: 2022-04-21 12:52Summary
Security update for dnsmasq
Severity
Important
Notes
Title of the patch: Security update for dnsmasq
Description of the patch: This update for dnsmasq fixes the following issues:
- CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant
outgoing port being used when for certain use cases of the --server option
(bsc#1183709).
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial
of service via crafted packet (bsc#1197872).
Patchnames: SUSE-2022-1288,SUSE-SLE-Product-HPC-15-2022-1288,SUSE-SLE-Product-SLES-15-2022-1288,SUSE-SLE-Product-SLES_SAP-15-2022-1288
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
10 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dnsmasq",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dnsmasq fixes the following issues:\n\n- CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant\n outgoing port being used when for certain use cases of the --server option\n (bsc#1183709).\n- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial\n of service via crafted packet (bsc#1197872).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "SUSE-2022-1288,SUSE-SLE-Product-HPC-15-2022-1288,SUSE-SLE-Product-SLES-15-2022-1288,SUSE-SLE-Product-SLES_SAP-15-2022-1288",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1288-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1288-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221288-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1288-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010788.html"
},
{
"category": "self",
"summary": "SUSE Bug 1183709",
"url": "https://bugzilla.suse.com/1183709"
},
{
"category": "self",
"summary": "SUSE Bug 1197872",
"url": "https://bugzilla.suse.com/1197872"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3448 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0934 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0934/"
}
],
"title": "Security update for dnsmasq",
"tracking": {
"current_release_date": "2022-04-21T12:52:57Z",
"generator": {
"date": "2022-04-21T12:52:57Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1288-1",
"initial_release_date": "2022-04-21T12:52:57Z",
"revision_history": [
{
"date": "2022-04-21T12:52:57Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-150000.3.14.1.aarch64",
"product": {
"name": "dnsmasq-2.78-150000.3.14.1.aarch64",
"product_id": "dnsmasq-2.78-150000.3.14.1.aarch64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-150000.3.14.1.aarch64",
"product": {
"name": "dnsmasq-utils-2.78-150000.3.14.1.aarch64",
"product_id": "dnsmasq-utils-2.78-150000.3.14.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-150000.3.14.1.i586",
"product": {
"name": "dnsmasq-2.78-150000.3.14.1.i586",
"product_id": "dnsmasq-2.78-150000.3.14.1.i586"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-150000.3.14.1.i586",
"product": {
"name": "dnsmasq-utils-2.78-150000.3.14.1.i586",
"product_id": "dnsmasq-utils-2.78-150000.3.14.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-150000.3.14.1.ppc64le",
"product": {
"name": "dnsmasq-2.78-150000.3.14.1.ppc64le",
"product_id": "dnsmasq-2.78-150000.3.14.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-150000.3.14.1.ppc64le",
"product": {
"name": "dnsmasq-utils-2.78-150000.3.14.1.ppc64le",
"product_id": "dnsmasq-utils-2.78-150000.3.14.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-150000.3.14.1.s390x",
"product": {
"name": "dnsmasq-2.78-150000.3.14.1.s390x",
"product_id": "dnsmasq-2.78-150000.3.14.1.s390x"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-150000.3.14.1.s390x",
"product": {
"name": "dnsmasq-utils-2.78-150000.3.14.1.s390x",
"product_id": "dnsmasq-utils-2.78-150000.3.14.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-150000.3.14.1.x86_64",
"product": {
"name": "dnsmasq-2.78-150000.3.14.1.x86_64",
"product_id": "dnsmasq-2.78-150000.3.14.1.x86_64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-150000.3.14.1.x86_64",
"product": {
"name": "dnsmasq-utils-2.78-150000.3.14.1.x86_64",
"product_id": "dnsmasq-utils-2.78-150000.3.14.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-espos:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sle_hpc-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:15"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:15"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.aarch64"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-ESPOS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.x86_64"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-ESPOS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.aarch64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.x86_64 as component of SUSE Linux Enterprise High Performance Computing 15-LTSS",
"product_id": "SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise High Performance Computing 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.aarch64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.ppc64le as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.ppc64le"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.s390x as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.s390x"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.x86_64 as component of SUSE Linux Enterprise Server 15-LTSS",
"product_id": "SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 15-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.ppc64le"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-150000.3.14.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 15",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.x86_64"
},
"product_reference": "dnsmasq-2.78-150000.3.14.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 15"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3448"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3448",
"url": "https://www.suse.com/security/cve/CVE-2021-3448"
},
{
"category": "external",
"summary": "SUSE Bug 1183709 for CVE-2021-3448",
"url": "https://bugzilla.suse.com/1183709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-21T12:52:57Z",
"details": "moderate"
}
],
"title": "CVE-2021-3448"
},
{
"cve": "CVE-2022-0934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0934"
}
],
"notes": [
{
"category": "general",
"text": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0934",
"url": "https://www.suse.com/security/cve/CVE-2022-0934"
},
{
"category": "external",
"summary": "SUSE Bug 1197872 for CVE-2022-0934",
"url": "https://bugzilla.suse.com/1197872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-ESPOS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise High Performance Computing 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.aarch64",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.s390x",
"SUSE Linux Enterprise Server 15-LTSS:dnsmasq-2.78-150000.3.14.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 15:dnsmasq-2.78-150000.3.14.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-21T12:52:57Z",
"details": "moderate"
}
],
"title": "CVE-2022-0934"
}
]
}
SUSE-SU-2022:1289-1
Vulnerability from csaf_suse - Published: 2022-04-21 12:54 - Updated: 2022-04-21 12:54Summary
Security update for dnsmasq
Severity
Important
Notes
Title of the patch: Security update for dnsmasq
Description of the patch: This update for dnsmasq fixes the following issues:
- CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant
outgoing port being used when for certain use cases of the --server option
(bsc#1183709).
- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial
of service via crafted packet (bsc#1197872).
Patchnames: HPE-Helion-OpenStack-8-2022-1289,SUSE-2022-1289,SUSE-OpenStack-Cloud-8-2022-1289,SUSE-OpenStack-Cloud-9-2022-1289,SUSE-OpenStack-Cloud-Crowbar-8-2022-1289,SUSE-OpenStack-Cloud-Crowbar-9-2022-1289,SUSE-SLE-SAP-12-SP3-2022-1289,SUSE-SLE-SAP-12-SP4-2022-1289,SUSE-SLE-SERVER-12-SP2-BCL-2022-1289,SUSE-SLE-SERVER-12-SP3-2022-1289,SUSE-SLE-SERVER-12-SP3-BCL-2022-1289,SUSE-SLE-SERVER-12-SP4-LTSS-2022-1289,SUSE-SLE-SERVER-12-SP5-2022-1289
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
4 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
6.5 (Medium)
Affected products
Recommended
32 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: HPE Helion OpenStack 8:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: HPE Helion OpenStack 8:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP2-BCL:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-BCL:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.aarch64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.ppc64le | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.s390x | — |
Vendor Fix
|
|
| Unresolved product id: SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 8:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud 9:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 8:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:dnsmasq-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: SUSE OpenStack Cloud Crowbar 9:dnsmasq-utils-2.78-18.18.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
moderate
References
12 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dnsmasq",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dnsmasq fixes the following issues:\n\n- CVE-2021-3448: Fixed a potential DNS cache poisoning issue due to a constant\n outgoing port being used when for certain use cases of the --server option\n (bsc#1183709).\n- CVE-2022-0934: Fixed an invalid memory access that could lead to remote denial\n of service via crafted packet (bsc#1197872).\n",
"title": "Description of the patch"
},
{
"category": "details",
"text": "HPE-Helion-OpenStack-8-2022-1289,SUSE-2022-1289,SUSE-OpenStack-Cloud-8-2022-1289,SUSE-OpenStack-Cloud-9-2022-1289,SUSE-OpenStack-Cloud-Crowbar-8-2022-1289,SUSE-OpenStack-Cloud-Crowbar-9-2022-1289,SUSE-SLE-SAP-12-SP3-2022-1289,SUSE-SLE-SAP-12-SP4-2022-1289,SUSE-SLE-SERVER-12-SP2-BCL-2022-1289,SUSE-SLE-SERVER-12-SP3-2022-1289,SUSE-SLE-SERVER-12-SP3-BCL-2022-1289,SUSE-SLE-SERVER-12-SP4-LTSS-2022-1289,SUSE-SLE-SERVER-12-SP5-2022-1289",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2022_1289-1.json"
},
{
"category": "self",
"summary": "URL for SUSE-SU-2022:1289-1",
"url": "https://www.suse.com/support/update/announcement/2022/suse-su-20221289-1/"
},
{
"category": "self",
"summary": "E-Mail link for SUSE-SU-2022:1289-1",
"url": "https://lists.suse.com/pipermail/sle-security-updates/2022-April/010784.html"
},
{
"category": "self",
"summary": "SUSE Bug 1183709",
"url": "https://bugzilla.suse.com/1183709"
},
{
"category": "self",
"summary": "SUSE Bug 1197872",
"url": "https://bugzilla.suse.com/1197872"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2021-3448 page",
"url": "https://www.suse.com/security/cve/CVE-2021-3448/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2022-0934 page",
"url": "https://www.suse.com/security/cve/CVE-2022-0934/"
}
],
"title": "Security update for dnsmasq",
"tracking": {
"current_release_date": "2022-04-21T12:54:28Z",
"generator": {
"date": "2022-04-21T12:54:28Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "SUSE-SU-2022:1289-1",
"initial_release_date": "2022-04-21T12:54:28Z",
"revision_history": [
{
"date": "2022-04-21T12:54:28Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-18.18.1.aarch64",
"product": {
"name": "dnsmasq-2.78-18.18.1.aarch64",
"product_id": "dnsmasq-2.78-18.18.1.aarch64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-18.18.1.aarch64",
"product": {
"name": "dnsmasq-utils-2.78-18.18.1.aarch64",
"product_id": "dnsmasq-utils-2.78-18.18.1.aarch64"
}
}
],
"category": "architecture",
"name": "aarch64"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-18.18.1.i586",
"product": {
"name": "dnsmasq-2.78-18.18.1.i586",
"product_id": "dnsmasq-2.78-18.18.1.i586"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-18.18.1.i586",
"product": {
"name": "dnsmasq-utils-2.78-18.18.1.i586",
"product_id": "dnsmasq-utils-2.78-18.18.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-18.18.1.ppc64le",
"product": {
"name": "dnsmasq-2.78-18.18.1.ppc64le",
"product_id": "dnsmasq-2.78-18.18.1.ppc64le"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-18.18.1.ppc64le",
"product": {
"name": "dnsmasq-utils-2.78-18.18.1.ppc64le",
"product_id": "dnsmasq-utils-2.78-18.18.1.ppc64le"
}
}
],
"category": "architecture",
"name": "ppc64le"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-18.18.1.s390",
"product": {
"name": "dnsmasq-2.78-18.18.1.s390",
"product_id": "dnsmasq-2.78-18.18.1.s390"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-18.18.1.s390",
"product": {
"name": "dnsmasq-utils-2.78-18.18.1.s390",
"product_id": "dnsmasq-utils-2.78-18.18.1.s390"
}
}
],
"category": "architecture",
"name": "s390"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-18.18.1.s390x",
"product": {
"name": "dnsmasq-2.78-18.18.1.s390x",
"product_id": "dnsmasq-2.78-18.18.1.s390x"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-18.18.1.s390x",
"product": {
"name": "dnsmasq-utils-2.78-18.18.1.s390x",
"product_id": "dnsmasq-utils-2.78-18.18.1.s390x"
}
}
],
"category": "architecture",
"name": "s390x"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-18.18.1.x86_64",
"product": {
"name": "dnsmasq-2.78-18.18.1.x86_64",
"product_id": "dnsmasq-2.78-18.18.1.x86_64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-18.18.1.x86_64",
"product": {
"name": "dnsmasq-utils-2.78-18.18.1.x86_64",
"product_id": "dnsmasq-utils-2.78-18.18.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "HPE Helion OpenStack 8",
"product": {
"name": "HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:hpe-helion-openstack:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 8",
"product": {
"name": "SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud 9",
"product": {
"name": "SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud:9"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 8",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:8"
}
}
},
{
"category": "product_name",
"name": "SUSE OpenStack Cloud Crowbar 9",
"product": {
"name": "SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9",
"product_identification_helper": {
"cpe": "cpe:/o:suse:suse-openstack-cloud-crowbar:9"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp2"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-bcl:12:sp3"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles-ltss:12:sp4"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles:12:sp5"
}
}
},
{
"category": "product_name",
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product": {
"name": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_identification_helper": {
"cpe": "cpe:/o:suse:sles_sap:12:sp5"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.78-18.18.1.x86_64 as component of HPE Helion OpenStack 8",
"product_id": "HPE Helion OpenStack 8:dnsmasq-utils-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-utils-2.78-18.18.1.x86_64",
"relates_to_product_reference": "HPE Helion OpenStack 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.78-18.18.1.x86_64 as component of SUSE OpenStack Cloud 8",
"product_id": "SUSE OpenStack Cloud 8:dnsmasq-utils-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-utils-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.78-18.18.1.x86_64 as component of SUSE OpenStack Cloud 9",
"product_id": "SUSE OpenStack Cloud 9:dnsmasq-utils-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-utils-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.78-18.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 8",
"product_id": "SUSE OpenStack Cloud Crowbar 8:dnsmasq-utils-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-utils-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 8"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.78-18.18.1.x86_64 as component of SUSE OpenStack Cloud Crowbar 9",
"product_id": "SUSE OpenStack Cloud Crowbar 9:dnsmasq-utils-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-utils-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE OpenStack Cloud Crowbar 9"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.ppc64le"
},
"product_reference": "dnsmasq-2.78-18.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP3",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP3"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.ppc64le"
},
"product_reference": "dnsmasq-2.78-18.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP4",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP4"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP2-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP2-BCL:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP2-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.aarch64"
},
"product_reference": "dnsmasq-2.78-18.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.ppc64le"
},
"product_reference": "dnsmasq-2.78-18.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.s390x"
},
"product_reference": "dnsmasq-2.78-18.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP3-BCL",
"product_id": "SUSE Linux Enterprise Server 12 SP3-BCL:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP3-BCL"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.aarch64"
},
"product_reference": "dnsmasq-2.78-18.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.ppc64le"
},
"product_reference": "dnsmasq-2.78-18.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.s390x"
},
"product_reference": "dnsmasq-2.78-18.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP4-LTSS",
"product_id": "SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP4-LTSS"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.aarch64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.aarch64"
},
"product_reference": "dnsmasq-2.78-18.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.ppc64le as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.ppc64le"
},
"product_reference": "dnsmasq-2.78-18.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.s390x as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.s390x"
},
"product_reference": "dnsmasq-2.78-18.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE Linux Enterprise Server 12 SP5",
"product_id": "SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.aarch64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.aarch64"
},
"product_reference": "dnsmasq-2.78-18.18.1.aarch64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.ppc64le as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.ppc64le"
},
"product_reference": "dnsmasq-2.78-18.18.1.ppc64le",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.s390x as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.s390x"
},
"product_reference": "dnsmasq-2.78-18.18.1.s390x",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-18.18.1.x86_64 as component of SUSE Linux Enterprise Server for SAP Applications 12 SP5",
"product_id": "SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.x86_64"
},
"product_reference": "dnsmasq-2.78-18.18.1.x86_64",
"relates_to_product_reference": "SUSE Linux Enterprise Server for SAP Applications 12 SP5"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2021-3448",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2021-3448"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:dnsmasq-2.78-18.18.1.x86_64",
"HPE Helion OpenStack 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-utils-2.78-18.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2021-3448",
"url": "https://www.suse.com/security/cve/CVE-2021-3448"
},
{
"category": "external",
"summary": "SUSE Bug 1183709 for CVE-2021-3448",
"url": "https://bugzilla.suse.com/1183709"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:dnsmasq-2.78-18.18.1.x86_64",
"HPE Helion OpenStack 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-utils-2.78-18.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:dnsmasq-2.78-18.18.1.x86_64",
"HPE Helion OpenStack 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-utils-2.78-18.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-21T12:54:28Z",
"details": "moderate"
}
],
"title": "CVE-2021-3448"
},
{
"cve": "CVE-2022-0934",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2022-0934"
}
],
"notes": [
{
"category": "general",
"text": "A single-byte, non-arbitrary write/use-after-free flaw was found in dnsmasq. This flaw allows an attacker who sends a crafted packet processed by dnsmasq, potentially causing a denial of service.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"HPE Helion OpenStack 8:dnsmasq-2.78-18.18.1.x86_64",
"HPE Helion OpenStack 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-utils-2.78-18.18.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2022-0934",
"url": "https://www.suse.com/security/cve/CVE-2022-0934"
},
{
"category": "external",
"summary": "SUSE Bug 1197872 for CVE-2022-0934",
"url": "https://bugzilla.suse.com/1197872"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"HPE Helion OpenStack 8:dnsmasq-2.78-18.18.1.x86_64",
"HPE Helion OpenStack 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-utils-2.78-18.18.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L",
"version": "3.1"
},
"products": [
"HPE Helion OpenStack 8:dnsmasq-2.78-18.18.1.x86_64",
"HPE Helion OpenStack 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP2-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-BCL:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP3-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP4-LTSS:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP3:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP4:dnsmasq-2.78-18.18.1.x86_64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.aarch64",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.ppc64le",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.s390x",
"SUSE Linux Enterprise Server for SAP Applications 12 SP5:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud 9:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 8:dnsmasq-utils-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-2.78-18.18.1.x86_64",
"SUSE OpenStack Cloud Crowbar 9:dnsmasq-utils-2.78-18.18.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2022-04-21T12:54:28Z",
"details": "moderate"
}
],
"title": "CVE-2022-0934"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…