CVE-2009-2957

EUVD-2009-2944
Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.8 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:P/I:P/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 92%
Affected Products (NVD)
VendorProductVersion
thekelleysdnsmasq
𝑥
≤ 2.49
thekelleysdnsmasq
0.4
thekelleysdnsmasq
0.5
thekelleysdnsmasq
0.6
thekelleysdnsmasq
0.7
thekelleysdnsmasq
0.95
thekelleysdnsmasq
0.96
thekelleysdnsmasq
0.98
thekelleysdnsmasq
0.992
thekelleysdnsmasq
0.996
thekelleysdnsmasq
1.0
thekelleysdnsmasq
1.2
thekelleysdnsmasq
1.3
thekelleysdnsmasq
1.4
thekelleysdnsmasq
1.5
thekelleysdnsmasq
1.6
thekelleysdnsmasq
1.7
thekelleysdnsmasq
1.8
thekelleysdnsmasq
1.9
thekelleysdnsmasq
1.10
thekelleysdnsmasq
1.11
thekelleysdnsmasq
1.12
thekelleysdnsmasq
1.13
thekelleysdnsmasq
1.14
thekelleysdnsmasq
1.15
thekelleysdnsmasq
1.16
thekelleysdnsmasq
1.17
thekelleysdnsmasq
1.18
thekelleysdnsmasq
2.0
thekelleysdnsmasq
2.1
thekelleysdnsmasq
2.2
thekelleysdnsmasq
2.3
thekelleysdnsmasq
2.4
thekelleysdnsmasq
2.5
thekelleysdnsmasq
2.6
thekelleysdnsmasq
2.7
thekelleysdnsmasq
2.8
thekelleysdnsmasq
2.9
thekelleysdnsmasq
2.10
thekelleysdnsmasq
2.11
thekelleysdnsmasq
2.12
thekelleysdnsmasq
2.13
thekelleysdnsmasq
2.14
thekelleysdnsmasq
2.15
thekelleysdnsmasq
2.16
thekelleysdnsmasq
2.17
thekelleysdnsmasq
2.18
thekelleysdnsmasq
2.19
thekelleysdnsmasq
2.20
thekelleysdnsmasq
2.21
thekelleysdnsmasq
2.22
thekelleysdnsmasq
2.23
thekelleysdnsmasq
2.24
thekelleysdnsmasq
2.25
thekelleysdnsmasq
2.26
thekelleysdnsmasq
2.27
thekelleysdnsmasq
2.28
thekelleysdnsmasq
2.29
thekelleysdnsmasq
2.30
thekelleysdnsmasq
2.31
thekelleysdnsmasq
2.33
thekelleysdnsmasq
2.34
thekelleysdnsmasq
2.35
thekelleysdnsmasq
2.36
thekelleysdnsmasq
2.37
thekelleysdnsmasq
2.38
thekelleysdnsmasq
2.39
thekelleysdnsmasq
2.40
thekelleysdnsmasq
2.41
thekelleysdnsmasq
2.42
thekelleysdnsmasq
2.43
thekelleysdnsmasq
2.44
thekelleysdnsmasq
2.45
thekelleysdnsmasq
2.46
thekelleysdnsmasq
2.47
thekelleysdnsmasq
2.48
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dnsmasq
bookworm
2.89-1
fixed
bullseye
2.85-1
fixed
sid
2.90-4
fixed
trixie
2.90-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dnsmasq
dapper
not-affected
hardy
Fixed 2.41-2ubuntu2.2
released
intrepid
Fixed 2.45-1ubuntu1.1
released
jaunty
Fixed 2.47-3ubuntu0.1
released
Common Weakness Enumeration
References
http://secunia.com/advisories/36563
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
http://www.redhat.com/support/errata/RHSA-2009-1238.html
http://www.securityfocus.com/bid/36121
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
http://www.ubuntu.com/usn/USN-827-1
https://bugzilla.redhat.com/show_bug.cgi?id=519020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10538
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://secunia.com/advisories/36563
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
http://www.redhat.com/support/errata/RHSA-2009-1238.html
http://www.securityfocus.com/bid/36121
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
http://www.ubuntu.com/usn/USN-827-1
https://bugzilla.redhat.com/show_bug.cgi?id=519020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10538
https://rhn.redhat.com/errata/RHSA-2010-0095.html