CVE-2012-3411

dnsmasq < 2.63test1 - Denial of Service via Spoofed DNS Query

Title source: llm
STIX 2.1

Description

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service (traffic amplification) via a spoofed DNS query.

References (11)

Core 11
Core References
Third Party Advisory vendor-advisory x_refsource_mandriva
http://www.mandriva.com/security/advisories?name=MDVSA-2013:072
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0276.html
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/07/12/5
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=833033
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0579.html
Release Notes, Vendor Advisory x_refsource_confirm
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/54353
Issue Tracking, Third Party Advisory x_refsource_misc
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=683372
Third Party Advisory vendor-advisory x_refsource_redhat
http://rhn.redhat.com/errata/RHSA-2013-0277.html

Scores

EPSS 0.0503
EPSS Percentile 91.3%

Details

CWE
CWE-20
Status published
Products (4)
redhat/enterprise_linux_desktop 6.0
redhat/enterprise_linux_server 6.0
redhat/enterprise_linux_workstation 6.0
thekelleys/dnsmasq < 2.62
Published Mar 05, 2013
Tracked Since Feb 18, 2026