FreshPorts - VuXML

This page displays vulnerability information about FreeBSD Ports.

The last vuln.xml file processed by FreshPorts is:

nothing found there

List all Vulnerabilities, by package

List all Vulnerabilities, by date

These are the vulnerabilities relating to the commit you have selected:

VuXML IDDescription
5b72b1ff-877c-11eb-bd4f-2f1d57dafe46dnsmasq -- cache poisoning vulnerability in certain configurations

Simon Kelley reports:

[In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the] random source port behavior was disabled, making cache poisoning attacks possible.

This only affects configurations of the form server=1.1.1.1@em0 or server=1.1.1.1@192.0.2.1, i. e. those that specify an interface to send through, or an IP address to send from, or use together with NetworkManager.


Discovery 2021-03-17
Entry 2021-03-18
dnsmasq
lt 2.85.r1,1

dnsmasq-devel
lt 2.85.r1,3

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014835.html
CVE-2021-3448