Vulnerability-Lookup

CVE-2015-3294 (GCVE-0-2015-3294)

Vulnerability from cvelistv5 – Published: 2015-05-08 14:00 – Updated: 2024-08-06 05:39

Summary

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

Severity ?

No CVSS data available.

CWE

Assigner

mitre

References

URL

Tags

	http://www.debian.org/security/2015/dsa-3251	vendor-advisoryx_refsource_DEBIAN
	http://lists.thekelleys.org.uk/pipermail/dnsmasq-…	mailing-listx_refsource_MLIST
	http://lists.opensuse.org/opensuse-updates/2015-0…	vendor-advisoryx_refsource_SUSE
	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3B…	x_refsource_CONFIRM
	http://www.oracle.com/technetwork/topics/security…	x_refsource_CONFIRM
	http://www.ubuntu.com/usn/USN-2593-1	vendor-advisoryx_refsource_UBUNTU
	https://security.gentoo.org/glsa/201512-01	vendor-advisoryx_refsource_GENTOO
	http://lists.thekelleys.org.uk/pipermail/dnsmasq-…	mailing-listx_refsource_MLIST
	http://www.securitytracker.com/id/1032195	vdb-entryx_refsource_SECTRACK
	http://www.securityfocus.com/bid/74452	vdb-entryx_refsource_BID
	http://www.securityfocus.com/archive/1/535354/100…	mailing-listx_refsource_BUGTRAQ

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-06T05:39:32.054Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "DSA-3251",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "http://www.debian.org/security/2015/dsa-3251"
          },
          {
            "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html"
          },
          {
            "name": "openSUSE-SU-2015:0857",
            "tags": [
              "vendor-advisory",
              "x_refsource_SUSE",
              "x_transferred"
            ],
            "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8"
          },
          {
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "USN-2593-1",
            "tags": [
              "vendor-advisory",
              "x_refsource_UBUNTU",
              "x_transferred"
            ],
            "url": "http://www.ubuntu.com/usn/USN-2593-1"
          },
          {
            "name": "GLSA-201512-01",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/201512-01"
          },
          {
            "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html"
          },
          {
            "name": "1032195",
            "tags": [
              "vdb-entry",
              "x_refsource_SECTRACK",
              "x_transferred"
            ],
            "url": "http://www.securitytracker.com/id/1032195"
          },
          {
            "name": "74452",
            "tags": [
              "vdb-entry",
              "x_refsource_BID",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/bid/74452"
          },
          {
            "name": "20150423 Dnsmasq 2.72 Unchecked returned value",
            "tags": [
              "mailing-list",
              "x_refsource_BUGTRAQ",
              "x_transferred"
            ],
            "url": "http://www.securityfocus.com/archive/1/535354/100/1100/threaded"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "n/a",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "n/a"
            }
          ]
        }
      ],
      "datePublic": "2015-04-07T00:00:00.000Z",
      "descriptions": [
        {
          "lang": "en",
          "value": "The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "description": "n/a",
              "lang": "en",
              "type": "text"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2018-10-09T18:57:01.000Z",
        "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
        "shortName": "mitre"
      },
      "references": [
        {
          "name": "DSA-3251",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "http://www.debian.org/security/2015/dsa-3251"
        },
        {
          "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html"
        },
        {
          "name": "openSUSE-SU-2015:0857",
          "tags": [
            "vendor-advisory",
            "x_refsource_SUSE"
          ],
          "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8"
        },
        {
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
        },
        {
          "name": "USN-2593-1",
          "tags": [
            "vendor-advisory",
            "x_refsource_UBUNTU"
          ],
          "url": "http://www.ubuntu.com/usn/USN-2593-1"
        },
        {
          "name": "GLSA-201512-01",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/201512-01"
        },
        {
          "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html"
        },
        {
          "name": "1032195",
          "tags": [
            "vdb-entry",
            "x_refsource_SECTRACK"
          ],
          "url": "http://www.securitytracker.com/id/1032195"
        },
        {
          "name": "74452",
          "tags": [
            "vdb-entry",
            "x_refsource_BID"
          ],
          "url": "http://www.securityfocus.com/bid/74452"
        },
        {
          "name": "20150423 Dnsmasq 2.72 Unchecked returned value",
          "tags": [
            "mailing-list",
            "x_refsource_BUGTRAQ"
          ],
          "url": "http://www.securityfocus.com/archive/1/535354/100/1100/threaded"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3294",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "n/a",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "n/a"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "n/a"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "DSA-3251",
              "refsource": "DEBIAN",
              "url": "http://www.debian.org/security/2015/dsa-3251"
            },
            {
              "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
              "refsource": "MLIST",
              "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html"
            },
            {
              "name": "openSUSE-SU-2015:0857",
              "refsource": "SUSE",
              "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html"
            },
            {
              "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8",
              "refsource": "CONFIRM",
              "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "USN-2593-1",
              "refsource": "UBUNTU",
              "url": "http://www.ubuntu.com/usn/USN-2593-1"
            },
            {
              "name": "GLSA-201512-01",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/201512-01"
            },
            {
              "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
              "refsource": "MLIST",
              "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html"
            },
            {
              "name": "1032195",
              "refsource": "SECTRACK",
              "url": "http://www.securitytracker.com/id/1032195"
            },
            {
              "name": "74452",
              "refsource": "BID",
              "url": "http://www.securityfocus.com/bid/74452"
            },
            {
              "name": "20150423 Dnsmasq 2.72 Unchecked returned value",
              "refsource": "BUGTRAQ",
              "url": "http://www.securityfocus.com/archive/1/535354/100/1100/threaded"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
    "assignerShortName": "mitre",
    "cveId": "CVE-2015-3294",
    "datePublished": "2015-05-08T14:00:00.000Z",
    "dateReserved": "2015-04-10T00:00:00.000Z",
    "dateUpdated": "2024-08-06T05:39:32.054Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1"
}

GSD-2015-3294

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2015-3294

Aliases

CVE-2015-3294

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2015-3294",
    "description": "The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.",
    "id": "GSD-2015-3294",
    "references": [
      "https://www.suse.com/security/cve/CVE-2015-3294.html",
      "https://www.debian.org/security/2015/dsa-3251",
      "https://ubuntu.com/security/CVE-2015-3294",
      "https://advisories.mageia.org/CVE-2015-3294.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2015-3294"
      ],
      "details": "The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.",
      "id": "GSD-2015-3294",
      "modified": "2023-12-13T01:20:07.502748Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "cve@mitre.org",
        "ID": "CVE-2015-3294",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "n/a",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "n/a"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "n/a"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request."
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "n/a"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "DSA-3251",
            "refsource": "DEBIAN",
            "url": "http://www.debian.org/security/2015/dsa-3251"
          },
          {
            "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
            "refsource": "MLIST",
            "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html"
          },
          {
            "name": "openSUSE-SU-2015:0857",
            "refsource": "SUSE",
            "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html"
          },
          {
            "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8",
            "refsource": "CONFIRM",
            "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8"
          },
          {
            "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
            "refsource": "CONFIRM",
            "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
          },
          {
            "name": "USN-2593-1",
            "refsource": "UBUNTU",
            "url": "http://www.ubuntu.com/usn/USN-2593-1"
          },
          {
            "name": "GLSA-201512-01",
            "refsource": "GENTOO",
            "url": "https://security.gentoo.org/glsa/201512-01"
          },
          {
            "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
            "refsource": "MLIST",
            "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html"
          },
          {
            "name": "1032195",
            "refsource": "SECTRACK",
            "url": "http://www.securitytracker.com/id/1032195"
          },
          {
            "name": "74452",
            "refsource": "BID",
            "url": "http://www.securityfocus.com/bid/74452"
          },
          {
            "name": "20150423 Dnsmasq 2.72 Unchecked returned value",
            "refsource": "BUGTRAQ",
            "url": "http://www.securityfocus.com/archive/1/535354/100/1100/threaded"
          }
        ]
      }
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:rc3:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "2.73",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          },
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
                "cpe_name": [],
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "cve@mitre.org",
          "ID": "CVE-2015-3294"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-19"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8",
              "refsource": "CONFIRM",
              "tags": [
                "Patch"
              ],
              "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8"
            },
            {
              "name": "DSA-3251",
              "refsource": "DEBIAN",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.debian.org/security/2015/dsa-3251"
            },
            {
              "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Exploit"
              ],
              "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html"
            },
            {
              "name": "USN-2593-1",
              "refsource": "UBUNTU",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "http://www.ubuntu.com/usn/USN-2593-1"
            },
            {
              "name": "[Dnsmasq-discuss] 20150407 dnsmsaq potential vulnerability",
              "refsource": "MLIST",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html"
            },
            {
              "name": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
            },
            {
              "name": "GLSA-201512-01",
              "refsource": "GENTOO",
              "tags": [],
              "url": "https://security.gentoo.org/glsa/201512-01"
            },
            {
              "name": "1032195",
              "refsource": "SECTRACK",
              "tags": [],
              "url": "http://www.securitytracker.com/id/1032195"
            },
            {
              "name": "74452",
              "refsource": "BID",
              "tags": [],
              "url": "http://www.securityfocus.com/bid/74452"
            },
            {
              "name": "openSUSE-SU-2015:0857",
              "refsource": "SUSE",
              "tags": [],
              "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html"
            },
            {
              "name": "20150423 Dnsmasq 2.72 Unchecked returned value",
              "refsource": "BUGTRAQ",
              "tags": [],
              "url": "http://www.securityfocus.com/archive/1/535354/100/1100/threaded"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 6.4,
            "confidentialityImpact": "PARTIAL",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 4.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        }
      },
      "lastModifiedDate": "2018-10-09T19:56Z",
      "publishedDate": "2015-05-08T14:59Z"
    }
  }
}

CVE-2015-3294

Vulnerability from fstec - Published: 07.04.2015

Title

Уязвимость DNS-сервера Dnsmasq, позволяющая нарушителю вызвать отказ в обслуживании

Description

Уязвимость DNS-сервера Dnsmasq может позволить нарушителю, действующему удалённо, вызвать отказ в обслуживании в случае сбоя отправки пакетов, вызванного отсутствием сетевого интерфейса

Severity ?

Vendor

Simon Kelley

Software Name

Dnsmasq

Software Version

от 2.0 до 2.72 (Dnsmasq)

Possible Mitigations

Обновление программного обеспечения до версии 2.72 или более новой

Reference

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3294 http://www.thekelleys.org.uk/dnsmasq/CHANGELOG http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html

CWE

CWE-19

JSON

To clipboard

{
  "CVSS 2.0": "AV:N/AC:M/Au:N/C:N/I:N/A:P",
  "CVSS 3.0": null,
  "CVSS 4.0": null,
  "remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
  "remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
  "\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "Simon Kelley",
  "\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "\u043e\u0442 2.0 \u0434\u043e 2.72 (Dnsmasq)",
  "\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.72 \u0438\u043b\u0438 \u0431\u043e\u043b\u0435\u0435 \u043d\u043e\u0432\u043e\u0439",
  "\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "07.04.2015",
  "\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "23.03.2021",
  "\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "18.05.2015",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2015-10027",
  "\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2015-3294",
  "\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
  "\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
  "\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Dnsmasq",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 64-bit, \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Linux . 32-bit",
  "\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Dnsmasq, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438",
  "\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041e\u0431\u0440\u0430\u0431\u043e\u0442\u043a\u0430 \u0434\u0430\u043d\u043d\u044b\u0445 (CWE-19)",
  "\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 Dnsmasq \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0451\u043d\u043d\u043e, \u0432\u044b\u0437\u0432\u0430\u0442\u044c \u043e\u0442\u043a\u0430\u0437 \u0432 \u043e\u0431\u0441\u043b\u0443\u0436\u0438\u0432\u0430\u043d\u0438\u0438 \u0432 \u0441\u043b\u0443\u0447\u0430\u0435 \u0441\u0431\u043e\u044f \u043e\u0442\u043f\u0440\u0430\u0432\u043a\u0438 \u043f\u0430\u043a\u0435\u0442\u043e\u0432, \u0432\u044b\u0437\u0432\u0430\u043d\u043d\u043e\u0433\u043e \u043e\u0442\u0441\u0443\u0442\u0441\u0442\u0432\u0438\u0435\u043c \u0441\u0435\u0442\u0435\u0432\u043e\u0433\u043e \u0438\u043d\u0442\u0435\u0440\u0444\u0435\u0439\u0441\u0430",
  "\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
  "\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
  "\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
  "\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2015-3294\n\nhttp://www.thekelleys.org.uk/dnsmasq/CHANGELOG\n\nhttp://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html",
  "\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
  "\u0422\u0438\u043f \u041f\u041e": "\u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
  "\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-19",
  "\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0421\u0440\u0435\u0434\u043d\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 4,3)"
}

GHSA-68QG-CGXP-WXCF

Vulnerability from github – Published: 2022-05-14 02:48 – Updated: 2025-04-12 12:47

Details

Show details on source website

JSON

To clipboard

{
  "affected": [],
  "aliases": [
    "CVE-2015-3294"
  ],
  "database_specific": {
    "cwe_ids": [],
    "github_reviewed": false,
    "github_reviewed_at": null,
    "nvd_published_at": "2015-05-08T14:59:00Z",
    "severity": "MODERATE"
  },
  "details": "The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.",
  "id": "GHSA-68qg-cgxp-wxcf",
  "modified": "2025-04-12T12:47:39Z",
  "published": "2022-05-14T02:48:49Z",
  "references": [
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3294"
    },
    {
      "type": "WEB",
      "url": "https://security.gentoo.org/glsa/201512-01"
    },
    {
      "type": "WEB",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html"
    },
    {
      "type": "WEB",
      "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html"
    },
    {
      "type": "WEB",
      "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8"
    },
    {
      "type": "WEB",
      "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8"
    },
    {
      "type": "WEB",
      "url": "http://www.debian.org/security/2015/dsa-3251"
    },
    {
      "type": "WEB",
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/archive/1/535354/100/1100/threaded"
    },
    {
      "type": "WEB",
      "url": "http://www.securityfocus.com/bid/74452"
    },
    {
      "type": "WEB",
      "url": "http://www.securitytracker.com/id/1032195"
    },
    {
      "type": "WEB",
      "url": "http://www.ubuntu.com/usn/USN-2593-1"
    }
  ],
  "schema_version": "1.4.0",
  "severity": []
}

CERTFR-2015-AVI-308

Vulnerability from certfr_avis - Published: 2015-07-15 - Updated: 2015-07-15

De multiples vulnérabilités ont été corrigées dans Oracle Solaris. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur.

Contournement provisoire

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Oracle	N/A	Oracle Solaris versions 11.2 et antérieures
	Oracle	N/A	Oracle Solaris versions 10 et antérieures

References

Title

Publication Time

CNVD-2015-02804

Vulnerability from cnvd - Published: 2015-04-29

Title

Dnsmasq 'setup_reply()'拒绝服务漏洞

Description

DNSmasq是一个小巧且方便地用于配置DNS和DHCP的工具，适用于小型网络，它提供了DNS功能和可选择的DHCP功能。 Dnsmasq在实现上存在拒绝服务漏洞，通过构造的DNS请求包，远程用户利用此漏洞可读取进程内存内容，造成目标服务崩溃。

Severity

中

Patch Name

Dnsmasq 'setup_reply()'拒绝服务漏洞的补丁

Patch Description

DNSmasq是一个小巧且方便地用于配置DNS和DHCP的工具，适用于小型网络，它提供了DNS功能和可选择的DHCP功能。Dnsmasq在实现上存在拒绝服务漏洞，通过构造的DNS请求包，远程用户利用此漏洞可读取进程内存内容，造成目标服务崩溃。目前，供应商发布了安全公告及相关补丁信息，修复了此漏洞。

Formal description

目前厂商已经发布了升级补丁以修复这个安全问题，请到厂商的主页下载： http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8

Reference

https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3294

Impacted products

Name
Dnsmasq Dnsmasq

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2015-3294"
    }
  },
  "description": "DNSmasq\u662f\u4e00\u4e2a\u5c0f\u5de7\u4e14\u65b9\u4fbf\u5730\u7528\u4e8e\u914d\u7f6eDNS\u548cDHCP\u7684\u5de5\u5177\uff0c\u9002\u7528\u4e8e\u5c0f\u578b\u7f51\u7edc\uff0c\u5b83\u63d0\u4f9b\u4e86DNS\u529f\u80fd\u548c\u53ef\u9009\u62e9\u7684DHCP\u529f\u80fd\u3002\r\n\r\nDnsmasq\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u901a\u8fc7\u6784\u9020\u7684DNS\u8bf7\u6c42\u5305\uff0c\u8fdc\u7a0b\u7528\u6237\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u8bfb\u53d6\u8fdb\u7a0b\u5185\u5b58\u5185\u5bb9\uff0c\u9020\u6210\u76ee\u6807\u670d\u52a1\u5d29\u6e83\u3002",
  "discovererName": "Nick Sampanis",
  "formalWay": "\u76ee\u524d\u5382\u5546\u5df2\u7ecf\u53d1\u5e03\u4e86\u5347\u7ea7\u8865\u4e01\u4ee5\u4fee\u590d\u8fd9\u4e2a\u5b89\u5168\u95ee\u9898\uff0c\u8bf7\u5230\u5382\u5546\u7684\u4e3b\u9875\u4e0b\u8f7d\uff1a\r\nhttp://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html\r\nhttp://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=ad4a8ff7d9097008d7623df8543df435bfddeac8",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2015-02804",
  "openTime": "2015-04-29",
  "patchDescription": "DNSmasq\u662f\u4e00\u4e2a\u5c0f\u5de7\u4e14\u65b9\u4fbf\u5730\u7528\u4e8e\u914d\u7f6eDNS\u548cDHCP\u7684\u5de5\u5177\uff0c\u9002\u7528\u4e8e\u5c0f\u578b\u7f51\u7edc\uff0c\u5b83\u63d0\u4f9b\u4e86DNS\u529f\u80fd\u548c\u53ef\u9009\u62e9\u7684DHCP\u529f\u80fd\u3002Dnsmasq\u5728\u5b9e\u73b0\u4e0a\u5b58\u5728\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\uff0c\u901a\u8fc7\u6784\u9020\u7684DNS\u8bf7\u6c42\u5305\uff0c\u8fdc\u7a0b\u7528\u6237\u5229\u7528\u6b64\u6f0f\u6d1e\u53ef\u8bfb\u53d6\u8fdb\u7a0b\u5185\u5b58\u5185\u5bb9\uff0c\u9020\u6210\u76ee\u6807\u670d\u52a1\u5d29\u6e83\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
  "patchName": "Dnsmasq \u0027setup_reply()\u0027\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e\u7684\u8865\u4e01",
  "products": {
    "product": "Dnsmasq Dnsmasq"
  },
  "referenceLink": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2015-3294",
  "serverity": "\u4e2d",
  "submitTime": "2015-04-28",
  "title": "Dnsmasq \u0027setup_reply()\u0027\u62d2\u7edd\u670d\u52a1\u6f0f\u6d1e"
}

FKIE_CVE-2015-3294

Vulnerability from fkie_nvd - Published: 2015-05-08 14:59 - Updated: 2025-04-12 10:46

Severity ?

Summary

References

URL	Tags
cve@mitre.org	http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html
cve@mitre.org	http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html	Exploit
cve@mitre.org	http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html	Third Party Advisory
cve@mitre.org	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8
cve@mitre.org	http://www.debian.org/security/2015/dsa-3251	Vendor Advisory
cve@mitre.org	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Third Party Advisory
cve@mitre.org	http://www.securityfocus.com/archive/1/535354/100/1100/threaded
cve@mitre.org	http://www.securityfocus.com/bid/74452
cve@mitre.org	http://www.securitytracker.com/id/1032195
cve@mitre.org	http://www.ubuntu.com/usn/USN-2593-1	Vendor Advisory
cve@mitre.org	https://security.gentoo.org/glsa/201512-01
af854a3a-2127-422b-91ae-364da2661108	http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html
af854a3a-2127-422b-91ae-364da2661108	http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html	Exploit
af854a3a-2127-422b-91ae-364da2661108	http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8
af854a3a-2127-422b-91ae-364da2661108	http://www.debian.org/security/2015/dsa-3251	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/archive/1/535354/100/1100/threaded
af854a3a-2127-422b-91ae-364da2661108	http://www.securityfocus.com/bid/74452
af854a3a-2127-422b-91ae-364da2661108	http://www.securitytracker.com/id/1032195
af854a3a-2127-422b-91ae-364da2661108	http://www.ubuntu.com/usn/USN-2593-1	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://security.gentoo.org/glsa/201512-01

Impacted products

	Vendor	Product	Version
	thekelleys	dnsmasq	*
	oracle	solaris	11.2

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:thekelleys:dnsmasq:*:rc3:*:*:*:*:*:*",
              "matchCriteriaId": "D4E32044-8F2B-48B6-8D85-46B7D62C3A87",
              "versionEndIncluding": "2.73",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    },
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:o:oracle:solaris:11.2:*:*:*:*:*:*:*",
              "matchCriteriaId": "0B1C288F-326B-497B-B26C-D26E01262DDB",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request."
    },
    {
      "lang": "es",
      "value": "La funci\u00f3n tcp_request en Dnsmasq anterior a 2.73rc4 no maneja correctamente el valor de retorno de la funci\u00f3n setup_reply, lo que permite a atacantes remotos leer la memoria de procesos y causar una denegaci\u00f3n de servicio (lectura fuera de rango y ca\u00edda) a trav\u00e9s de una solicitud DNS malformada."
    }
  ],
  "id": "CVE-2015-3294",
  "lastModified": "2025-04-12T10:46:40.837",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 6.4,
          "confidentialityImpact": "PARTIAL",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 4.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ]
  },
  "published": "2015-05-08T14:59:05.527",
  "references": [
    {
      "source": "cve@mitre.org",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3251"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/archive/1/535354/100/1100/threaded"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securityfocus.com/bid/74452"
    },
    {
      "source": "cve@mitre.org",
      "url": "http://www.securitytracker.com/id/1032195"
    },
    {
      "source": "cve@mitre.org",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2593-1"
    },
    {
      "source": "cve@mitre.org",
      "url": "https://security.gentoo.org/glsa/201512-01"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Exploit"
      ],
      "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.debian.org/security/2015/dsa-3251"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/archive/1/535354/100/1100/threaded"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securityfocus.com/bid/74452"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "http://www.securitytracker.com/id/1032195"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "http://www.ubuntu.com/usn/USN-2593-1"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "url": "https://security.gentoo.org/glsa/201512-01"
    }
  ],
  "sourceIdentifier": "cve@mitre.org",
  "vulnStatus": "Deferred",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-19"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2015-3294 (GCVE-0-2015-3294)

GSD-2015-3294

CVE-2015-3294

GHSA-68QG-CGXP-WXCF

CERTFR-2015-AVI-308

Contournement provisoire

CNVD-2015-02804

FKIE_CVE-2015-3294

Tags

Sightings

Nomenclature