FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The VUXML data was last processed by FreshPorts on 2024-12-02 20:06:50 UTC

List all Vulnerabilities, by package

List all Vulnerabilities, by date

k68

These are the vulnerabilities relating to the commit you have selected:

VuXML ID	Description
3f321a5a-b33b-11ec-80c2-1bb2c6a00592	dnsmasq -- heap use-after-free in dhcp6_no_relay Petr MenÃÂ¡ÃÂk reports: Possible vulnerability [...] found in latest dnsmasq. It [was] found with help of oss-fuzz Google project by me and short after that independently also by Richard Johnson of Trellix Threat Labs. It is affected only by DHCPv6 requests, which could be crafted to modify already freed memory. [...] We think it might be triggered remotely, but we do not think it could be used to execute remote code. Discovery 2022-03-31 Entry 2022-04-03 dnsmasq < 2.86_4,1 dnsmasq-devel < 2.86_4,1 CVE-2022-0934 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html
5b72b1ff-877c-11eb-bd4f-2f1d57dafe46	dnsmasq -- cache poisoning vulnerability in certain configurations Simon Kelley reports: [In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the] random source port behavior was disabled, making cache poisoning attacks possible. This only affects configurations of the form server=1.1.1.1@em0 or server=1.1.1.1@192.0.2.1, i. e. those that specify an interface to send through, or an IP address to send from, or use together with NetworkManager. Discovery 2021-03-17 Entry 2021-03-18 dnsmasq < 2.85.r1,1 dnsmasq-devel < 2.85.r1,3 https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html CVE-2021-3448

VuXML ID

Description

3f321a5a-b33b-11ec-80c2-1bb2c6a00592

dnsmasq -- heap use-after-free in dhcp6_no_relay

Petr MenÃÂ¡ÃÂk reports:

Possible vulnerability [...] found in latest dnsmasq. It [was] found with help of oss-fuzz Google project by me and short after that independently also by Richard Johnson of Trellix Threat Labs.

It is affected only by DHCPv6 requests, which could be crafted to modify already freed memory. [...] We think it might be triggered remotely, but we do not think it could be used to execute remote code.

Discovery 2022-03-31
Entry 2022-04-03
dnsmasq

< 2.86_4,1

dnsmasq-devel

< 2.86_4,1

CVE-2022-0934
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016272.html

5b72b1ff-877c-11eb-bd4f-2f1d57dafe46

dnsmasq -- cache poisoning vulnerability in certain configurations

Simon Kelley reports:

[In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the] random source port behavior was disabled, making cache poisoning attacks possible.

This only affects configurations of the form server=1.1.1.1@em0 or server=1.1.1.1@192.0.2.1, i. e. those that specify an interface to send through, or an IP address to send from, or use together with NetworkManager.

Discovery 2021-03-17
Entry 2021-03-18
dnsmasq

< 2.85.r1,1

dnsmasq-devel

< 2.85.r1,3

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html
CVE-2021-3448