{ "schema_version": "1.4.0", "id": "GHSA-68qg-cgxp-wxcf", "modified": "2025-04-12T12:47:39Z", "published": "2022-05-14T02:48:49Z", "aliases": [ "CVE-2015-3294" ], "details": "The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.", "severity": [], "affected": [], "references": [ { "type": "ADVISORY", "url": "https://nvd.nist.gov/vuln/detail/CVE-2015-3294" }, { "type": "WEB", "url": "https://security.gentoo.org/glsa/201512-01" }, { "type": "WEB", "url": "http://lists.opensuse.org/opensuse-updates/2015-05/msg00013.html" }, { "type": "WEB", "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009382.html" }, { "type": "WEB", "url": "http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2015q2/009387.html" }, { "type": "WEB", "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commitdiff%3Bh=ad4a8ff7d9097008d7623df8543df435bfddeac8" }, { "type": "WEB", "url": "http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=ad4a8ff7d9097008d7623df8543df435bfddeac8" }, { "type": "WEB", "url": "http://www.debian.org/security/2015/dsa-3251" }, { "type": "WEB", "url": "http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html" }, { "type": "WEB", "url": "http://www.securityfocus.com/archive/1/535354/100/1100/threaded" }, { "type": "WEB", "url": "http://www.securityfocus.com/bid/74452" }, { "type": "WEB", "url": "http://www.securitytracker.com/id/1032195" }, { "type": "WEB", "url": "http://www.ubuntu.com/usn/USN-2593-1" } ], "database_specific": { "cwe_ids": [], "severity": "MODERATE", "github_reviewed": false, "github_reviewed_at": null, "nvd_published_at": "2015-05-08T14:59:00Z" } }