CVE-2023-28450

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
7.5 HIGH
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 1%
Affected Products (NVD)
VendorProductVersion
thekelleysdnsmasq
𝑥
< 2.90
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
dnsmasq
bookworm
no-dsa
bullseye
vulnerable
bullseye (security)
2.85-1+deb11u1
fixed
buster
no-dsa
sid
2.90-7
fixed
trixie
2.90-7
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
dnsmasq
bionic
Fixed 2.79-1ubuntu0.7
released
focal
Fixed 2.80-1.1ubuntu1.7
released
jammy
Fixed 2.86-1.1ubuntu0.3
released
kinetic
Fixed 2.86-1.1ubuntu2.1
released
lunar
ignored
mantic
Fixed 2.90-0ubuntu0.23.10.1
released
noble
Fixed 2.90-1
released
trusty
Fixed 2.68-1ubuntu0.2+esm2
released
xenial
Fixed 2.79-1ubuntu0.16.04.1+esm2
released
Red Hat logo
Red Hat Enterprise Linux Releases
Red Hat Product
Release
dnsmasq
RHEL 8
0:2.79-31.el8
fixed
RHEL 8.6 AUS
0:2.79-21.el8_6.5
fixed
RHEL 8.6 E4S
0:2.79-21.el8_6.5
fixed
RHEL 8.6 EUS
0:2.79-21.el8_6.5
fixed
RHEL 8.6 TUS
0:2.79-21.el8_6.5
fixed
RHEL 8.8 AUS
0:2.79-26.el8_8.4
fixed
RHEL 8.8 E4S
0:2.79-26.el8_8.4
fixed
RHEL 8.8 EUS
0:2.79-26.el8_8.4
fixed
RHEL 8.8 TUS
0:2.79-26.el8_8.4
fixed
RHEL 9
0:2.85-14.el9
fixed
dnsmasq-utils
RHEL 8
0:2.79-31.el8
fixed
RHEL 8.6 AUS
0:2.79-21.el8_6.5
fixed
RHEL 8.6 E4S
0:2.79-21.el8_6.5
fixed
RHEL 8.6 EUS
0:2.79-21.el8_6.5
fixed
RHEL 8.6 TUS
0:2.79-21.el8_6.5
fixed
RHEL 8.8 AUS
0:2.79-26.el8_8.4
fixed
RHEL 8.8 E4S
0:2.79-26.el8_8.4
fixed
RHEL 8.8 EUS
0:2.79-26.el8_8.4
fixed
RHEL 8.8 TUS
0:2.79-26.el8_8.4
fixed
RHEL 9
0:2.85-14.el9
fixed
References
https://capec.mitre.org/data/definitions/495.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/
https://thekelleys.org.uk/dnsmasq/doc.html
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOG
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
https://capec.mitre.org/data/definitions/495.html
https://lists.debian.org/debian-lts-announce/2024/11/msg00035.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/
https://thekelleys.org.uk/dnsmasq/doc.html
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOG
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5