dnsmasq: Improper validation of wildcard synthesized NSEC records (CVE-2017-15107)
A vulnerability was found in the implementation of DNSSEC in Dnsmasq up
to and including 2.78. Wildcard synthesized
NSEC records could be improperly interpreted to prove the non-existence
of hostnames that actually exist.
References:
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2018q1/011896.html
https://nvd.nist.gov/vuln/detail/CVE-2017-15107
Patch:
(from redmine: issue id 9377, created on 2018-09-04, closed on 2018-11-08)
- Relations:
- child #9378 (closed)
- child #9379 (closed)
- child #9380 (closed)