CVE-2023-28450
First published: Wed Mar 15 2023(Updated: )
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Credit: cve@mitre.org cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Thekelleys Dnsmasq | <2.90 | |
| debian/dnsmasq | <=2.85-1<=2.89-1 | 2.90-4 |
Remedy
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://capec.mitre.org/data/definitions/495.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/
- https://thekelleys.org.uk/dnsmasq/doc.html
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
- https://launchpad.net/bugs/cve/CVE-2023-28450
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOG
- https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2178954
- https://access.redhat.com/errata/RHSA-2023:6524
- https://access.redhat.com/errata/RHSA-2023:7046
- https://access.redhat.com/errata/RHSA-2024:1544
- https://access.redhat.com/errata/RHSA-2024:1545
- https://access.redhat.com/errata/RHSA-2024:4052
- https://bugzilla.redhat.com/show_bug.cgi?id=2178948
- https://security-tracker.debian.org/tracker/CVE-2023-28450
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-28450
- https://nvd.nist.gov/vuln/detail/CVE-2023-28450
- https://ubuntu.com/security/CVE-2023-28450
Frequently Asked Questions
What is CVE-2023-28450?
CVE-2023-28450 is an issue discovered in Dnsmasq before version 2.90 where the default maximum EDNS.0 UDP packet size was set incorrectly.
What is the severity of CVE-2023-28450?
The severity of CVE-2023-28450 is high with a CVSS score of 7.5.
What software is affected by CVE-2023-28450?
Dnsmasq versions up to exclusive 2.90 are affected by CVE-2023-28450.
How can I fix CVE-2023-28450?
To fix CVE-2023-28450, upgrade to Dnsmasq version 2.90 or later.
Where can I find more information about CVE-2023-28450?
You can find more information about CVE-2023-28450 at the MITRE website and the Fedora Project mailing list.
- collector/nvd-index
- agent/type
- agent/remedy
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup
- agent/author
- agent/severity
- agent/description
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2023-28450
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/tags
- collector/usn-cve
- source/Ubuntu
- vendor/thekelleys
- canonical/thekelleys dnsmasq
- package-manager/debian