What is the severity of CVE-2009-2958?

CVE-2009-2958 is classified as a denial of service vulnerability due to a NULL pointer dereference in dnsmasq.

How do I fix CVE-2009-2958?

To fix CVE-2009-2958, upgrade dnsmasq to version 2.50 or later.

Which versions of dnsmasq are affected by CVE-2009-2958?

Affected versions of dnsmasq include all versions before 2.50, such as 0.4 up to 2.49.

What type of attacks can exploit CVE-2009-2958?

CVE-2009-2958 can be exploited by remote attackers sending a malformed TFTP RRQ request.

What impact does CVE-2009-2958 have on a system?

The impact of CVE-2009-2958 is a crash of the dnsmasq daemon, leading to a denial of service.

Vulnerability/
CVE-2009-2958

medium

4.3

CWE

399 476

31/8/2009

2/9/2009

7/8/2024

CVE-2009-2958: Null Pointer Dereference

First published: Mon Aug 31 2009(Updated: )

The tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, allows remote attackers to cause a denial of service (NULL pointer dereference and daemon crash) via a TFTP read (aka RRQ) request with a malformed blksize option.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
redhat/dnsmasq	<0:2.45-1.1.el5_3	0:2.45-1.1.el5_3
the kelleys dnsmasq	=0.4
the kelleys dnsmasq	=2.11
the kelleys dnsmasq	=2.28
the kelleys dnsmasq	=2.39
the kelleys dnsmasq	=0.996
the kelleys dnsmasq	=1.8
the kelleys dnsmasq	=2.1
the kelleys dnsmasq	=2.25
the kelleys dnsmasq	=2.6
the kelleys dnsmasq	=1.2
the kelleys dnsmasq	=1.16
the kelleys dnsmasq	=0.98
the kelleys dnsmasq	=2.34
the kelleys dnsmasq	=2.7
the kelleys dnsmasq	=1.6
the kelleys dnsmasq	=2.23
the kelleys dnsmasq	=2.36
the kelleys dnsmasq	=2.41
the kelleys dnsmasq	=0.95
the kelleys dnsmasq	=2.22
the kelleys dnsmasq	=1.15
the kelleys dnsmasq	=2.46
the kelleys dnsmasq	=0.6
the kelleys dnsmasq	=2.9
the kelleys dnsmasq	=1.7
the kelleys dnsmasq	=2.14
the kelleys dnsmasq	=1.14
the kelleys dnsmasq	=1.12
the kelleys dnsmasq	=1.9
the kelleys dnsmasq	=0.992
the kelleys dnsmasq	=2.20
the kelleys dnsmasq	=2.13
the kelleys dnsmasq	=2.4
the kelleys dnsmasq	=2.44
the kelleys dnsmasq	=1.4
the kelleys dnsmasq	=1.3
the kelleys dnsmasq	=2.10
the kelleys dnsmasq	=1.10
the kelleys dnsmasq	=0.7
the kelleys dnsmasq	=2.3
the kelleys dnsmasq	=2.37
the kelleys dnsmasq	=2.43
the kelleys dnsmasq	=2.29
the kelleys dnsmasq	=2.40
the kelleys dnsmasq	=2.35
the kelleys dnsmasq	=2.17
the kelleys dnsmasq	=2.0
the kelleys dnsmasq	=2.19
the kelleys dnsmasq	=2.42
the kelleys dnsmasq	=2.24
the kelleys dnsmasq	=1.11
the kelleys dnsmasq	=1.17
the kelleys dnsmasq	=2.38
the kelleys dnsmasq	=2.16
the kelleys dnsmasq	=2.48
the kelleys dnsmasq	=1.0
the kelleys dnsmasq	=2.27
the kelleys dnsmasq	=2.33
the kelleys dnsmasq	=1.18
the kelleys dnsmasq	=1.5
the kelleys dnsmasq	=1.13
the kelleys dnsmasq	=2.45
the kelleys dnsmasq	=2.5
the kelleys dnsmasq	=2.47
the kelleys dnsmasq	=0.96
the kelleys dnsmasq	=2.30
the kelleys dnsmasq	=2.21
the kelleys dnsmasq	=0.5
the kelleys dnsmasq	=2.8
the kelleys dnsmasq	=2.26
the kelleys dnsmasq	=2.31
the kelleys dnsmasq	=2.2
the kelleys dnsmasq	<=2.49
the kelleys dnsmasq	=2.15
the kelleys dnsmasq	=2.12
the kelleys dnsmasq	=2.18

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

(Appears in the following advisories)

RHSA-2009:1238

Frequently Asked Questions

What is the severity of CVE-2009-2958?
CVE-2009-2958 is classified as a denial of service vulnerability due to a NULL pointer dereference in dnsmasq.
How do I fix CVE-2009-2958?
To fix CVE-2009-2958, upgrade dnsmasq to version 2.50 or later.
Which versions of dnsmasq are affected by CVE-2009-2958?
Affected versions of dnsmasq include all versions before 2.50, such as 0.4 up to 2.49.
What type of attacks can exploit CVE-2009-2958?
CVE-2009-2958 can be exploited by remote attackers sending a malformed TFTP RRQ request.
What impact does CVE-2009-2958 have on a system?
The impact of CVE-2009-2958 is a crash of the dnsmasq daemon, leading to a denial of service.

agent/type
agent/first-publish-date
agent/references
agent/author
agent/weakness
agent/severity
agent/description
collector/redhat-cve
source/Red Hat
agent/software-canonical-lookup
collector/mitre-cve
source/MITRE
agent/last-modified-date
agent/event
agent/trending
agent/source
agent/softwarecombine
agent/tags
collector/nvd-historical
agent/software-canonical-lookup-request
collector/nvd-index
package-manager/redhat
vendor/thekelleys
canonical/the kelleys dnsmasq
version/the kelleys dnsmasq/0.4
version/the kelleys dnsmasq/2.11
version/the kelleys dnsmasq/2.28
version/the kelleys dnsmasq/2.39
version/the kelleys dnsmasq/0.996
version/the kelleys dnsmasq/1.8
version/the kelleys dnsmasq/2.1
version/the kelleys dnsmasq/2.25
version/the kelleys dnsmasq/2.6
version/the kelleys dnsmasq/1.2
version/the kelleys dnsmasq/1.16
version/the kelleys dnsmasq/0.98
version/the kelleys dnsmasq/2.34
version/the kelleys dnsmasq/2.7
version/the kelleys dnsmasq/1.6
version/the kelleys dnsmasq/2.23
version/the kelleys dnsmasq/2.36
version/the kelleys dnsmasq/2.41
version/the kelleys dnsmasq/0.95
version/the kelleys dnsmasq/2.22
version/the kelleys dnsmasq/1.15
version/the kelleys dnsmasq/2.46
version/the kelleys dnsmasq/0.6
version/the kelleys dnsmasq/2.9
version/the kelleys dnsmasq/1.7
version/the kelleys dnsmasq/2.14
version/the kelleys dnsmasq/1.14
version/the kelleys dnsmasq/1.12
version/the kelleys dnsmasq/1.9
version/the kelleys dnsmasq/0.992
version/the kelleys dnsmasq/2.20
version/the kelleys dnsmasq/2.13
version/the kelleys dnsmasq/2.4
version/the kelleys dnsmasq/2.44
version/the kelleys dnsmasq/1.4
version/the kelleys dnsmasq/1.3
version/the kelleys dnsmasq/2.10
version/the kelleys dnsmasq/1.10
version/the kelleys dnsmasq/0.7
version/the kelleys dnsmasq/2.3
version/the kelleys dnsmasq/2.37
version/the kelleys dnsmasq/2.43
version/the kelleys dnsmasq/2.29
version/the kelleys dnsmasq/2.40
version/the kelleys dnsmasq/2.35
version/the kelleys dnsmasq/2.17
version/the kelleys dnsmasq/2.0
version/the kelleys dnsmasq/2.19
version/the kelleys dnsmasq/2.42
version/the kelleys dnsmasq/2.24
version/the kelleys dnsmasq/1.11
version/the kelleys dnsmasq/1.17
version/the kelleys dnsmasq/2.38
version/the kelleys dnsmasq/2.16
version/the kelleys dnsmasq/2.48
version/the kelleys dnsmasq/1.0
version/the kelleys dnsmasq/2.27
version/the kelleys dnsmasq/2.33
version/the kelleys dnsmasq/1.18
version/the kelleys dnsmasq/1.5
version/the kelleys dnsmasq/1.13
version/the kelleys dnsmasq/2.45
version/the kelleys dnsmasq/2.5
version/the kelleys dnsmasq/2.47
version/the kelleys dnsmasq/0.96
version/the kelleys dnsmasq/2.30
version/the kelleys dnsmasq/2.21
version/the kelleys dnsmasq/0.5
version/the kelleys dnsmasq/2.8
version/the kelleys dnsmasq/2.26
version/the kelleys dnsmasq/2.31
version/the kelleys dnsmasq/2.2
version/the kelleys dnsmasq/2.49
version/the kelleys dnsmasq/2.15
version/the kelleys dnsmasq/2.12
version/the kelleys dnsmasq/2.18

CVE-2009-2958: Null Pointer Dereference

Never miss a vulnerability like this again

Reference Links

Parent vulnerabilities

Frequently Asked Questions

What is the severity of CVE-2009-2958?

How do I fix CVE-2009-2958?

Which versions of dnsmasq are affected by CVE-2009-2958?

What type of attacks can exploit CVE-2009-2958?

What impact does CVE-2009-2958 have on a system?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2009-2958?

How do I fix CVE-2009-2958?

Which versions of dnsmasq are affected by CVE-2009-2958?

What type of attacks can exploit CVE-2009-2958?

What impact does CVE-2009-2958 have on a system?