Bugzilla – Bug 1194257
VUL-0: CVE-2021-45956: dnsmasq: Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply).
Last modified: 2022-03-14 08:26:09 UTC
CVE-2021-45956

Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply).

- introduced: 96f6444958c29a670f4254722d787f328153605c
- fixed: d242cbffa4f20c9f7472f79b3a9e47008b6fe77c

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45956
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45956
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml
SUSE:SLE-11:Update       dnsmasq-2.45
SUSE:SLE-11-SP3:Update   dnsmasq-2.78
SUSE:SLE-11-SP4:Update   dnsmasq-2.78
SUSE:SLE-15:Update       dnsmasq-2.78
SUSE:SLE-15-SP1:Update   dnsmasq-2.86

The mentioned commit is only present in 15-SP1. (This is the same commit as with bsc#1194258 / CVE-2021-45957.)

# git tag --contains 96f6444958c29a670f4254722d787f328153605c
v2.86test7 ~ v2.87test4

The fix commit is present since v2.87test5.

# git tag --contains d242cbffa4f20c9f7472f79b3a9e47008b6fe77c
v2.87test5
It looks like the commit IDs mentioned in these bugs are not correct.

The alleged introducer is just a one-liner that I don't think can be responsible for seven vulnerabilities sprinkled across several functions and source files:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=96f6444958c29a670f4254722d787f328153605c

The commit that is claimed to fix CVE-2021-45956 (this one) and CVE-2021-45953 is larger, but appears to be unrelated to both issues:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d242cbffa4f20c9f7472f79b3a9e47008b6fe77c

Please advise how to proceed with these bugs.
CVE was disputed by upstream: https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html