Vulnerability CVE-2009-2957: Information

Description

Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.

Severity: MEDIUM (6.8)

Published: Sept. 2, 2009
Modified: Sept. 19, 2017
Error type identifier: CWE-119

    1. Configuration 1

      cpe:2.3:a:thekelleys:dnsmasq:0.4:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.11:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.28:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.39:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:0.996:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.8:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.1:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.25:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.6:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.2:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.16:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:0.98:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.34:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.7:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.6:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.23:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.36:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.41:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:0.95:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.22:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.15:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.46:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:0.6:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.9:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.7:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.14:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.14:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.12:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.9:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:0.992:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.20:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.13:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.4:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.44:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.4:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.3:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.10:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.10:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:0.7:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.3:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.37:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.43:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.29:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.40:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.35:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.17:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.0:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.19:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.42:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.24:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.11:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.17:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.38:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.16:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.48:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.0:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.27:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.33:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.18:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.5:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:1.13:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.45:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.5:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.47:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:0.96:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.30:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.21:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:0.5:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.8:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.26:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.31:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.2:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* (versions up to and including 2.49)

      cpe:2.3:a:thekelleys:dnsmasq:2.15:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.12:*:*:*:*:*:*:*

      cpe:2.3:a:thekelleys:dnsmasq:2.18:*:*:*:*:*:*:*