FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

These are the vulnerabilities relating to the commit you have selected:

VuXML ID | Description
5b5cf6e5-5b51-11eb-95ac-7f9491278677 | dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities

Simon Kelley reports:

There are broadly two sets of problems. The first is subtle errors in dnsmasq's protections against the chronic weakness of the DNS protocol to cache-poisoning attacks; the Birthday attack, Kaminsky, etc.[...]

the second set of errors is a good old fashioned buffer overflow in dnsmasq's DNSSEC code. If DNSSEC validation is enabled, an installation is at risk.


Discovery 2020-09-16
Entry 2021-01-20
dnsmasq
lt 2.83

dnsmasq-devel
lt 2.83

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html
https://www.jsof-tech.com/disclosures/dnspooq/
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
875e4cf8-3f0e-11e6-b3c8-14dae9d210b8 | dnsmasq -- denial of service

reports:

Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.


Discovery 2016-04-18
Entry 2016-06-30
Modified 2016-06-30
dnsmasq
lt 2.76,1

dnsmasq-devel
lt 2.76.0test1

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html
http://www.openwall.com/lists/oss-security/2016/06/03/7
CVE-2015-8899
5b72b1ff-877c-11eb-bd4f-2f1d57dafe46 | dnsmasq -- cache poisoning vulnerability in certain configurations

Simon Kelley reports:

[In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the] random source port behavior was disabled, making cache poisoning attacks possible.

This only affects configurations of the form server=1.1.1.1@em0 or server=1.1.1.1@192.0.2.1, i.e. those that specify an interface to send through, or an IP address to send from, or use together with NetworkManager.


Discovery 2021-03-17
Entry 2021-03-18
dnsmasq
lt 2.85.r1,1

dnsmasq-devel
lt 2.85.r1,3

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html
CVE-2021-3448
37569eb7-0125-11e5-9d98-080027ef73ec | dnsmasq -- data exposure and denial of service

Nick Sampanis reported a potential memory exposure and denial of service vulnerability against dnsmasq 2.72. The CVE entry summarizes this as:

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.


Discovery 2015-04-07
Entry 2015-05-23
dnsmasq
lt 2.72_1

dnsmasq-devel
lt 2.73rc4

http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html
CVE-2015-3294
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8
b77b5646-a778-11e7-ac58-b499baebfeaf | dnsmasq -- multiple vulnerabilities

Google Project Zero reports:

  • CVE-2017-14491: Heap based overflow (2 bytes). Before 2.76 and this commit overflow was unrestricted.
  • CVE-2017-14492: Heap based overflow.
  • CVE-2017-14493: Stack Based overflow.
  • CVE-2017-14494: Information Leak
  • CVE-2017-14495: Lack of free()
  • CVE-2017-14496: Invalid boundary checks. Integer underflow leading to a huge memcpy.
  • CVE-2017-13704: Crash on large DNS query

Discovery 2017-10-02
Entry 2017-10-02
dnsmasq
lt 2.78,1

dnsmasq-devel
lt 2.78

https://security.googleblog.com/2017/10/behind-masq-yet-more-dns-and-dhcp.html
CVE-2017-14491
CVE-2017-14492
CVE-2017-14493
CVE-2017-14494
CVE-2017-14495
CVE-2017-14496
CVE-2017-13704