CVE-2015-3294
dnsmasq - security update
EPSS 0.18%
Description
The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.
How to fix CVE-2015-3294
To remediate CVE-2015-3294, upgrade the affected package to one of the fixed versions listed below.
- Debian/dnsmasq—upgrade to 2.72-3.1 or later
- Debian/dnsmasq—upgrade to 2.55-2+deb6u1 or later
- Debian/dnsmasq—upgrade to 2.62-3+deb7u2 or later
Is CVE-2015-3294 being exploited?
Low — EPSS is 0.2%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/dnsmasq: from 0, < 2.72-3.1
- Debian/dnsmasq: from 0, < 2.55-2+deb6u1
- Debian/dnsmasq: from 0, < 2.62-3+deb7u2