[Git][security-tracker-team/security-tracker][master] Add new set of dnsmasq issues

Salvatore Bonaccorso (@carnil) carnil at debian.org
Sat Jan 1 08:37:12 GMT 2022 


Salvatore Bonaccorso pushed to branch master at Debian Security Tracker / security-tracker


Commits:
8d274114 by Salvatore Bonaccorso at 2022-01-01T09:36:46+01:00
Add new set of dnsmasq issues

- - - - -


1 changed file:

- data/CVE/list


Changes:

=====================================
data/CVE/list
=====================================
@@ -16,19 +16,40 @@ CVE-2021-45958 (UltraJSON (aka ujson) 4.0.2 through 5.0.0 has a stack-based buff
 	NOTE: Introduced by: https://github.com/ultrajson/ultrajson/commit/a920bfa9d85bcd78836b866d1be80c1e3dcca1da (4.0.2)
 	TODO: claimed to be fixed, but 5525f8c9ef8bb879dadd0eb942d524827d1b0362 is not part of the repository
 CVE-2021-45957 (Dnsmasq 2.86 has a heap-based buffer overflow in answer_request (calle ...)
-	TODO: check
+	- dnsmasq <unfixed>
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35920
+	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-935.yaml
+	TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports.
 CVE-2021-45956 (Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called fro ...)
-	TODO: check
+	- dnsmasq <unfixed>
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
+	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml
+	TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports.
 CVE-2021-45955 (Dnsmasq 2.86 has a heap-based buffer overflow in resize_packet (called ...)
-	TODO: check
+	- dnsmasq <unfixed>
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35898
+	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-932.yaml
+	TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports.
 CVE-2021-45954 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called  ...)
-	TODO: check
+	- dnsmasq <unfixed>
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35861
+	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-931.yaml
+	TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports.
 CVE-2021-45953 (Dnsmasq 2.86 has a heap-based buffer overflow in extract_name (called  ...)
-	TODO: check
+	- dnsmasq <unfixed>
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35858
+	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-929.yaml
+	TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports.
 CVE-2021-45952 (Dnsmasq 2.86 has a heap-based buffer overflow in dhcp_reply (called fr ...)
-	TODO: check
+	- dnsmasq <unfixed>
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35870
+	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-927.yaml
+	TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports.
 CVE-2021-45951 (Dnsmasq 2.86 has a heap-based buffer overflow in check_bad_address (ca ...)
-	TODO: check
+	- dnsmasq <unfixed>
+	NOTE: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35868
+	NOTE: https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-924.yaml
+	TODO: check, the introducing commit seems odd, and might be just related to when fuzzing started, and is same for other dnsmaq and oss-fuzz related reports.
 CVE-2021-45950 (LibreDWG 0.12.4.4313 through 0.12.4.4367 has an out-of-bounds write in ...)
 	TODO: check
 CVE-2021-45949 (Ghostscript GhostPDL 9.50 through 9.54.0 has a heap-based buffer overf ...)



View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d2741144d5018bc7f1508726cdfaad33e508c3d

-- 
View it on GitLab: https://salsa.debian.org/security-tracker-team/security-tracker/-/commit/8d2741144d5018bc7f1508726cdfaad33e508c3d
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-security-tracker-commits/attachments/20220101/092d623f/attachment.htm>

More information about the debian-security-tracker-commits mailing list