CVE-2009-2957

Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
mitreCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 88%
VendorProductVersion
thekelleysdnsmasq
𝑥
≤ 2.49
thekelleysdnsmasq
0.4
thekelleysdnsmasq
0.5
thekelleysdnsmasq
0.6
thekelleysdnsmasq
0.7
thekelleysdnsmasq
0.95
thekelleysdnsmasq
0.96
thekelleysdnsmasq
0.98
thekelleysdnsmasq
0.992
thekelleysdnsmasq
0.996
thekelleysdnsmasq
1.0
thekelleysdnsmasq
1.2
thekelleysdnsmasq
1.3
thekelleysdnsmasq
1.4
thekelleysdnsmasq
1.5
thekelleysdnsmasq
1.6
thekelleysdnsmasq
1.7
thekelleysdnsmasq
1.8
thekelleysdnsmasq
1.9
thekelleysdnsmasq
1.10
thekelleysdnsmasq
1.11
thekelleysdnsmasq
1.12
thekelleysdnsmasq
1.13
thekelleysdnsmasq
1.14
thekelleysdnsmasq
1.15
thekelleysdnsmasq
1.16
thekelleysdnsmasq
1.17
thekelleysdnsmasq
1.18
thekelleysdnsmasq
2.0
thekelleysdnsmasq
2.1
thekelleysdnsmasq
2.2
thekelleysdnsmasq
2.3
thekelleysdnsmasq
2.4
thekelleysdnsmasq
2.5
thekelleysdnsmasq
2.6
thekelleysdnsmasq
2.7
thekelleysdnsmasq
2.8
thekelleysdnsmasq
2.9
thekelleysdnsmasq
2.10
thekelleysdnsmasq
2.11
thekelleysdnsmasq
2.12
thekelleysdnsmasq
2.13
thekelleysdnsmasq
2.14
thekelleysdnsmasq
2.15
thekelleysdnsmasq
2.16
thekelleysdnsmasq
2.17
thekelleysdnsmasq
2.18
thekelleysdnsmasq
2.19
thekelleysdnsmasq
2.20
thekelleysdnsmasq
2.21
thekelleysdnsmasq
2.22
thekelleysdnsmasq
2.23
thekelleysdnsmasq
2.24
thekelleysdnsmasq
2.25
thekelleysdnsmasq
2.26
thekelleysdnsmasq
2.27
thekelleysdnsmasq
2.28
thekelleysdnsmasq
2.29
thekelleysdnsmasq
2.30
thekelleysdnsmasq
2.31
thekelleysdnsmasq
2.33
thekelleysdnsmasq
2.34
thekelleysdnsmasq
2.35
thekelleysdnsmasq
2.36
thekelleysdnsmasq
2.37
thekelleysdnsmasq
2.38
thekelleysdnsmasq
2.39
thekelleysdnsmasq
2.40
thekelleysdnsmasq
2.41
thekelleysdnsmasq
2.42
thekelleysdnsmasq
2.43
thekelleysdnsmasq
2.44
thekelleysdnsmasq
2.45
thekelleysdnsmasq
2.46
thekelleysdnsmasq
2.47
thekelleysdnsmasq
2.48
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dnsmasq
bullseye
2.85-1
fixed
bookworm
2.89-1
fixed
sid
2.90-4
fixed
trixie
2.90-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dnsmasq
jaunty
Fixed 2.47-3ubuntu0.1
released
intrepid
Fixed 2.45-1ubuntu1.1
released
hardy
Fixed 2.41-2ubuntu2.2
released
dapper
not-affected
Common Weakness Enumeration
References
http://secunia.com/advisories/36563
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
http://www.redhat.com/support/errata/RHSA-2009-1238.html
http://www.securityfocus.com/bid/36121
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
http://www.ubuntu.com/usn/USN-827-1
https://bugzilla.redhat.com/show_bug.cgi?id=519020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10538
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://secunia.com/advisories/36563
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
http://www.redhat.com/support/errata/RHSA-2009-1238.html
http://www.securityfocus.com/bid/36121
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
http://www.ubuntu.com/usn/USN-827-1
https://bugzilla.redhat.com/show_bug.cgi?id=519020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10538
https://rhn.redhat.com/errata/RHSA-2010-0095.html