CVE-2015-8899: Input Validation
First published: Thu Jun 30 2016(Updated: )
Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
Credit: security@ubuntu.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Canonical Ubuntu Linux | =15.10 | |
| Canonical Ubuntu Linux | =16.04 | |
| Thekelleys Dnsmasq | <=2.75 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html
- http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010505.html
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=41a8d9e99be9f2cc8b02051dd322cb45e0faac87
- http://www.openwall.com/lists/oss-security/2016/06/03/7
- http://www.openwall.com/lists/oss-security/2016/06/04/2
- http://www.securityfocus.com/bid/91031
- http://www.securitytracker.com/id/1036045
- http://www.ubuntu.com/usn/USN-3009-1
- http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=41a8d9e99be9f2cc8b02051dd322cb45e0faac87
- collector/nvd-index
- agent/type
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/author
- agent/severity
- agent/weakness
- agent/references
- agent/last-modified-date
- agent/first-publish-date
- agent/tags
- agent/description
- agent/event
- vendor/canonical
- canonical/canonical ubuntu linux
- version/canonical ubuntu linux/15.10
- version/canonical ubuntu linux/16.04
- vendor/thekelleys
- canonical/thekelleys dnsmasq
- version/thekelleys dnsmasq/2.75