[Dnsmasq-discuss] [PATCH] Heap use after free in dhcp6_no_relay (CVE-2022-0934)
Lonnie Abelbeck
lists at lonnie.abelbeck.com
Fri Apr 1 14:37:12 UTC 2022
> On Mar 31, 2022, at 2:04 PM, Petr Menšík <pemensik at redhat.com> wrote:
>
> A possible vulnerability was found in the latest dnsmasq. It was found with the help of the oss-fuzz Google project by me and shortly after that independently also by Richard Johnson of Trellix Threat Labs.
>
> It is affected only by DHCPv6 requests, which could be crafted to modify already freed memory. Red Hat security assigned this vulnerability CVE-2022-0934.
Are dnsmasq IPv6 configs *only* using "ra-only" (ex.):
--
dhcp-range=...,ra-only,64,24h
--
Immune from CVE-2022-0934?
Lonnie