Submeter #673138: dnsmasq dnsmasq v2.73rc6 Heap-based Buffer Overflowinformação

Títulodnsmasq dnsmasq v2.73rc6 Heap-based Buffer Overflow
DescriçãoA heap buffer overflow exists in dnsmasq v2.73rc6 when parsing DHCP option hexadecimal values. The vulnerability is in `parse_hex()` (src/util.c) which can write past the end of the allocated buffer (callers allocate based on a computed byte count). A crafted DHCP option in `dnsmasq.conf` causes `parse_hex()` to overflow the heap buffer during configuration parsing, resulting in a crash and potential memory corruption. Reproduce by replacing `dnsmasq.conf` with the supplied config and starting dnsmasq; an ASan build produces a reliable crash referencing `parse_hex`.
Fonte⚠️ https://shimo.im/docs/1d3aMVMmNmiLjg3g/
Utilizador
 zh_vul (UID 91488)
Submissão11/10/2025 05h30 (há 8 meses)
Moderação25/10/2025 08h22 (14 days later)
EstadoAceite
Entrada VulDB329868 [dnsmasq até 2.73rc6 Config File src/util.c parse_hex i Excesso de tampão]
Pontos20

VoltarVisão GeralPróximo

Interested in the pricing of exploits?

See the underground prices here!