CVE-2021-45954
 
Severity Score
9.8
*CVSS v3.1
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
1
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called from answer_auth and FuzzAuth). NOTE: the vendor's position is that CVE-2021-45951 through CVE-2021-45957 "do not represent real vulnerabilities, to the best of our knowledge.
** EN DISPUTA ** Dnsmasq versión 2.86 presenta un desbordamiento de buffer en la región heap de la memoria en la función extract_name (llamado desde answer_auth y FuzzAuth). NOTA: la posición del proveedor es que CVE-2021-45951 a CVE-2021-45957 "no representan vulnerabilidades reales, según nuestro conocimiento".
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality
Integrity
Availability
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2021-12-31 CVE Reserved
- 2021-12-31 CVE Published
- 2024-08-04 CVE Updated
- 2024-08-04 First Exploit
- 2024-09-15 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (4)
URL | Tag | Source |
---|---|---|
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml | Third Party Advisory | |
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016162.html | Mailing List | |
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html | Mailing List |
URL | Date | SRC |
---|---|---|
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861 | 2024-08-04 |
URL | Date | SRC |
---|
URL | Date | SRC |
---|
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Thekelleys Search vendor "Thekelleys" | Dnsmasq Search vendor "Thekelleys" for product "Dnsmasq" | 2.86 Search vendor "Thekelleys" for product "Dnsmasq" and version "2.86" | - |
Affected
|