Improper input validation in Thekelleys Dnsmasq
CVE-2013-0198
Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via spoofed TCP based DNS queries…
Vulnerability class: Drupalgeddon 2 (CVE-2018-7600)
EPSS: 0.001 (16.3th percentile) — read the EPSS interpretation.
Affected products
- Thekelleys Dnsmasq
- N/a — versions n/a
Weakness classification (CWE)
References
- secalert@redhat.com (Exploit, Patch, Third Party Advisory, x_refsource_MISC, Issue Tracking)
- MDVSA-2013:072 (vendor-advisory, Third Party Advisory, x_refsource_MANDRIVA)
- secalert@redhat.com (x_refsource_CONFIRM)
- [oss-security] 20130118 Re: CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)
- [oss-security] 20130118 CVE Request -- dnsmasq: Incomplete fix for the CVE-2012-3411 issue (mailing-list, x_refsource_MLIST, Mailing List, Third Party Advisory)