CVE-2009-2957

Heap-based buffer overflow in the tftp_request function in tftp.c in dnsmasq before 2.50, when --enable-tftp is used, might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, as demonstrated by a read (aka RRQ) request.
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.4:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.5:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.6:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.7:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.95:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.96:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.98:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.992:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.996:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.0:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.2:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.3:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.4:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.5:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.6:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.7:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.8:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.9:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.10:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.11:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.12:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.13:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.14:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.15:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.16:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.17:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.18:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.0:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.1:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.2:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.3:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.4:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.5:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.6:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.7:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.8:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.9:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.10:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.11:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.12:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.13:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.14:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.15:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.16:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.17:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.18:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.19:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.20:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.21:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.22:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.23:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.24:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.25:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.26:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.27:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.28:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.29:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.30:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.31:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.33:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.34:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.35:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.36:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.37:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.38:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.39:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.40:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.41:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.42:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.43:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.44:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.45:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.46:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.47:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.48:*:*:*:*:*:*:*

History

No history.

Information

Published : 2009-09-02 15:30

Updated : 2024-02-04 17:33


NVD link : CVE-2009-2957

Mitre link : CVE-2009-2957

CVE.ORG link : CVE-2009-2957


JSON object : View

Products Affected

thekelleys

  • dnsmasq
CWE
CWE-119

Improper Restriction of Operations within the Bounds of a Memory Buffer