| 제목 | dnsmasq dnsmasq v2.73rc6 Heap-based Buffer Overflow |
|---|
| 설명 | A heap buffer overflow exists in dnsmasq v2.73rc6 when parsing DHCP option hexadecimal values. The vulnerability is in `parse_hex()` (src/util.c) which can write past the end of the allocated buffer (callers allocate based on a computed byte count). A crafted DHCP option in `dnsmasq.conf` causes `parse_hex()` to overflow the heap buffer during configuration parsing, resulting in a crash and potential memory corruption. Reproduce by replacing `dnsmasq.conf` with the supplied config and starting dnsmasq; an ASan build produces a reliable crash referencing `parse_hex`. |
|---|
| 원천 | ⚠️ https://shimo.im/docs/1d3aMVMmNmiLjg3g/ |
|---|
| 사용자 | zh_vul (UID 91488) |
|---|
| 제출 | 2025. 10. 11. AM 05:30 (8 개월 ago) |
|---|
| 모더레이션 | 2025. 10. 25. AM 08:22 (14 days later) |
|---|
| 상태 | 수락 |
|---|
| VulDB 항목 | 329868 [dnsmasq 까지 2.73rc6 Config File src/util.c parse_hex i 메모리 손상] |
|---|
| 포인트들 | 20 |
|---|