CVE-2009-2958

EUVD-2009-2945
The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
4.3 UNKNOWN
NETWORK
MEDIUM
AV:N/AC:M/Au:N/C:N/I:N/A:P
Base Score
CVSS 3.x
EPSS Score
Percentile: 78%
Affected Products (NVD)
VendorProductVersion
thekelleysdnsmasq
𝑥
≤ 2.49
thekelleysdnsmasq
0.4
thekelleysdnsmasq
0.5
thekelleysdnsmasq
0.6
thekelleysdnsmasq
0.7
thekelleysdnsmasq
0.95
thekelleysdnsmasq
0.96
thekelleysdnsmasq
0.98
thekelleysdnsmasq
0.992
thekelleysdnsmasq
0.996
thekelleysdnsmasq
1.0
thekelleysdnsmasq
1.2
thekelleysdnsmasq
1.3
thekelleysdnsmasq
1.4
thekelleysdnsmasq
1.5
thekelleysdnsmasq
1.6
thekelleysdnsmasq
1.7
thekelleysdnsmasq
1.8
thekelleysdnsmasq
1.9
thekelleysdnsmasq
1.10
thekelleysdnsmasq
1.11
thekelleysdnsmasq
1.12
thekelleysdnsmasq
1.13
thekelleysdnsmasq
1.14
thekelleysdnsmasq
1.15
thekelleysdnsmasq
1.16
thekelleysdnsmasq
1.17
thekelleysdnsmasq
1.18
thekelleysdnsmasq
2.0
thekelleysdnsmasq
2.1
thekelleysdnsmasq
2.2
thekelleysdnsmasq
2.3
thekelleysdnsmasq
2.4
thekelleysdnsmasq
2.5
thekelleysdnsmasq
2.6
thekelleysdnsmasq
2.7
thekelleysdnsmasq
2.8
thekelleysdnsmasq
2.9
thekelleysdnsmasq
2.10
thekelleysdnsmasq
2.11
thekelleysdnsmasq
2.12
thekelleysdnsmasq
2.13
thekelleysdnsmasq
2.14
thekelleysdnsmasq
2.15
thekelleysdnsmasq
2.16
thekelleysdnsmasq
2.17
thekelleysdnsmasq
2.18
thekelleysdnsmasq
2.19
thekelleysdnsmasq
2.20
thekelleysdnsmasq
2.21
thekelleysdnsmasq
2.22
thekelleysdnsmasq
2.23
thekelleysdnsmasq
2.24
thekelleysdnsmasq
2.25
thekelleysdnsmasq
2.26
thekelleysdnsmasq
2.27
thekelleysdnsmasq
2.28
thekelleysdnsmasq
2.29
thekelleysdnsmasq
2.30
thekelleysdnsmasq
2.31
thekelleysdnsmasq
2.33
thekelleysdnsmasq
2.34
thekelleysdnsmasq
2.35
thekelleysdnsmasq
2.36
thekelleysdnsmasq
2.37
thekelleysdnsmasq
2.38
thekelleysdnsmasq
2.39
thekelleysdnsmasq
2.40
thekelleysdnsmasq
2.41
thekelleysdnsmasq
2.42
thekelleysdnsmasq
2.43
thekelleysdnsmasq
2.44
thekelleysdnsmasq
2.45
thekelleysdnsmasq
2.46
thekelleysdnsmasq
2.47
thekelleysdnsmasq
2.48
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dnsmasq
bookworm
2.89-1
fixed
bullseye
2.85-1
fixed
sid
2.90-4
fixed
trixie
2.90-4
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dnsmasq
dapper
not-affected
hardy
Fixed 2.41-2ubuntu2.2
released
intrepid
Fixed 2.45-1ubuntu1.1
released
jaunty
Fixed 2.47-3ubuntu0.1
released
Common Weakness Enumeration
References
http://secunia.com/advisories/36563
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
http://www.redhat.com/support/errata/RHSA-2009-1238.html
http://www.securityfocus.com/bid/36120
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
http://www.ubuntu.com/usn/USN-827-1
https://bugzilla.redhat.com/show_bug.cgi?id=519020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816
https://rhn.redhat.com/errata/RHSA-2010-0095.html
http://secunia.com/advisories/36563
http://www.coresecurity.com/content/dnsmasq-vulnerabilities
http://www.redhat.com/support/errata/RHSA-2009-1238.html
http://www.securityfocus.com/bid/36120
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
http://www.ubuntu.com/usn/USN-827-1
https://bugzilla.redhat.com/show_bug.cgi?id=519020
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9816
https://rhn.redhat.com/errata/RHSA-2010-0095.html