cve/2015/CVE-2015-3294.md

CVE-2015-3294

Description

The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.

POC

Reference

• http://www.oracle.com/technetwork/topics/security/bulletinjul2015-2511963.html

Github

• https://github.com/ARPSyndicate/cvemon