On 31/03/2022 20:04, Petr Menšík wrote:
A possible vulnerability was found in the latest dnsmasq. It was found with
the help of the oss-fuzz Google project by me and shortly after that independently
also by Richard Johnson of Trellix Threat Labs.
It is affected only by DHCPv6 requests, which could be crafted to modify
already freed memory. Red Hat security assigned this vulnerability
CVE-2022-0934. Previous versions are also affected, including 2.85, 2.79
and 2.76. The correction is relatively simple; I am attaching my proposal to
fix this issue. Simon will probably use his own commit in the upcoming
version to fix this issue soon in the git repository. We think it might be
triggered remotely, but we do not think it could be used to execute
remote code.
Best Regards,
Petr Menšík
--
Petr Menšík
Software Engineer
Red Hat, http://www.redhat.com/
email: pemen...@redhat.com
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB
I just pushed my fix at
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=03345ecefeb0d82e3c3a4c28f27c3554f0611b39
It attempts a clean-up of the code. Petr's patch is a better base for a
minimally-invasive backport fix.
Cheers,
Simon.
_______________________________________________
Dnsmasq-discuss mailing list
Dnsmasq-discuss@lists.thekelleys.org.uk
https://lists.thekelleys.org.uk/cgi-bin/mailman/listinfo/dnsmasq-discuss