[Dnsmasq-discuss] [PATCH] Heap use after free in dhcp6_no_relay (CVE-2022-0934)
Simon Kelley
simon at thekelleys.org.uk
Thu Mar 31 21:06:33 UTC 2022
On 31/03/2022 20:04, Petr Menšík wrote:
> A possible vulnerability was found in the latest dnsmasq. It was found with
> the help of the oss-fuzz Google project by me and shortly after that independently
> also by Richard Johnson of Trellix Threat Labs.
>
> It is affected only by DHCPv6 requests, which could be crafted to modify
> already freed memory. Red Hat security assigned this vulnerability
> CVE-2022-0934. Previous versions are also affected, including 2.85, 2.79
> and 2.76. The correction is relatively simple; I am attaching my proposal to
> fix this issue. Simon will probably use his own commit in the upcoming
> version to fix this issue soon in the git repository. We think it might be
> triggered remotely, but we do not think it could be used to execute
> remote code.
>
> Best Regards,
>
> Petr Menšík
>
> --
> Petr Menšík
> Software Engineer
> Red Hat, http://www.redhat.com/
> email: pemensik at redhat.com
> PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
>
I just pushed my fix at
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39
It attempts a clean-up of the code. Petr's patch is a better base for a
minimally-invasive backport fix.
Cheers,
Simon.