Vulnerability Details : CVE-2008-3214
dnsmasq 2.25 allows remote attackers to cause a denial of service (daemon crash) by (1) renewing a nonexistent lease or (2) sending a DHCPREQUEST for an IP address that is not in the same network, related to the DHCP NAK response from the daemon.
Vulnerability category: Input validationDenial of service
Products affected by CVE-2008-3214
- cpe:2.3:a:thekelleys:dnsmasq:2.25:*:*:*:*:*:*:*
Exploit prediction scoring system (EPSS) score for CVE-2008-3214
5.28%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 93 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2008-3214
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2008-3214
-
The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.Assigned by: nvd@nist.gov (Primary)
Vendor statements for CVE-2008-3214
-
Red Hat 2008-07-25Not vulnerable. This issue did not affect the version of dnsmasq as shipped with Red Hat Enterprise Linux 5.
References for CVE-2008-3214
-
http://freshmeat.net/projects/dnsmasq/?branch_id=1991&release_id=217681
Best Open Source Mac Software Development Software 2024
-
http://www.openwall.com/lists/oss-security/2008/07/12/3
oss-security - Re: CVE request for dnsmasq DoSExploit
-
http://www.openwall.com/lists/oss-security/2008/07/02/4
oss-security - Re: CVE request for dnsmasq DoS
-
http://www.openwall.com/lists/oss-security/2008/06/30/7
oss-security - CVE request for dnsmasq DoS
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/43929
Dnsmasq multiple denial of service CVE-2008-3214 Vulnerability Report
-
http://www.thekelleys.org.uk/dnsmasq/CHANGELOG
-
http://www.openwall.com/lists/oss-security/2008/07/01/8
oss-security - Re: CVE request for dnsmasq DoS
-
http://www.openwall.com/lists/oss-security/2008/07/08/8
oss-security - Re: CVE request for dnsmasq DoS
-
https://bugs.launchpad.net/ubuntu/+source/dnsmasq/+bug/47438
Bug #47438 “Dnsmasq crashes when renewing non-existent lease” : Bugs : dnsmasq package : UbuntuExploit
-
http://www.openwall.com/lists/oss-security/2008/07/03/4
oss-security - Re: CVE request for dnsmasq DoS
Jump to