dnsmasq: Denial-of-service when empty address from DNS overlays A record from hosts (CVE-2015-8899)
Dnsmasq before 2.76 allows remote servers to cause a denial of service
(crash) via a reply with
an empty DNS address that has an (1) A or (2) AAAA record defined
locally.
References:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2016q2/010479.html
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/1581181
Patch:
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=patch;h=41a8d9e99be9f2cc8b02051dd322cb45e0faac87
(from redmine: issue id 5922, created on 2016-07-20, closed on 2016-07-21)
- Relations:
- child #5923 (closed)