Bug 1194257 - (CVE-2021-45956) VUL-0: CVE-2021-45956: dnsmasq: Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from log_packet and dhcp_reply).
Status: RESOLVED INVALID
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Priority: P3 - Medium; Severity: Normal
Assigned To: Security Team bot
https://smash.suse.de/issue/319349/
CVSSv3.1:SUSE:CVE-2021-45956:6.5:(AV:...
Reported: 2022-01-03 15:50 UTC by Alexander Bergmann
Modified: 2022-03-14 08:26 UTC
Found By: Security Response Team
Description Alexander Bergmann 2022-01-03 15:50:16 UTC
CVE-2021-45956

Dnsmasq 2.86 has a heap-based buffer overflow in print_mac (called from
log_packet and dhcp_reply).

- introduced: 96f6444958c29a670f4254722d787f328153605c
- fixed: d242cbffa4f20c9f7472f79b3a9e47008b6fe77c

References:
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2021-45956
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35887
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-45956
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/dnsmasq/OSV-2021-933.yaml
Comment 1 Alexander Bergmann 2022-01-11 10:00:39 UTC
SUSE:SLE-11:Update      dnsmasq-2.45
SUSE:SLE-11-SP3:Update  dnsmasq-2.78
SUSE:SLE-11-SP4:Update  dnsmasq-2.78
SUSE:SLE-15:Update      dnsmasq-2.78
SUSE:SLE-15-SP1:Update  dnsmasq-2.86

The mentioned commit is only present in 15-SP1.

(This is the same commit as with bsc#1194258 / CVE-2021-45957.)

# git tag --contains 96f6444958c29a670f4254722d787f328153605c
v2.86test7 ~ v2.87test4

The fix commit is present since v2.87test5.

# git tag --contains d242cbffa4f20c9f7472f79b3a9e47008b6fe77c
v2.87test5
Comment 2 Reinhard Max 2022-01-14 16:23:42 UTC
It looks like the commit IDs mentioned in these bugs are not correct.

The alleged introducer is just a one-liner that I don't think can be responsible for seven vulnerabilities sprinkled across several functions and source files:

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=96f6444958c29a670f4254722d787f328153605c

The commit that is claimed to fix CVE-2021-45956 (this one) and CVE-2021-45953 is larger, but appears to be unrelated to both issues:

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=d242cbffa4f20c9f7472f79b3a9e47008b6fe77c

Please advise how to proceed with these bugs.
Comment 3 Reinhard Max 2022-03-11 14:08:48 UTC
CVE was disputed by upstream:
https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2022q1/016164.html
Comment 4 Gianluca Gabrielli 2022-03-14 08:26:09 UTC
comment 3