CVE-2023-28450 : An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP p

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

Published 2023-03-15 21:15:09

Updated 2025-02-26 22:15:11

Source MITRE

View at NVD, CVE.org

Products affected by CVE-2023-28450

Thekelleys » Dnsmasq
Versions before (<) 2.90
cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2023-28450

Top countries where our scanners detected CVE-2023-28450

Top open port discovered on systems with this issue 53

IPs affected by CVE-2023-28450 828,469

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2023-28450!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2023-28450

EPSS FAQ

0.06%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 17 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-28450

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	134c704f-9b21-4f2e-91b3-4a467353bcc0	2025-02-26
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: None Availability: High

References for CVE-2023-28450

https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5

thekelleys.org.uk Git - dnsmasq.git/commit
Patch
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/

[SECURITY] Fedora 38 Update: dnsmasq-2.89-2.fc38 - package-announce - Fedora Mailing-Lists
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6UQ6LKDTLSSD64TBIZ3XEKBM2SWC63VV/

[SECURITY] Fedora 38 Update: dnsmasq-2.89-2.fc38 - package-announce - Fedora Mailing-Lists
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=blob;f=CHANGELOG

thekelleys.org.uk Git - dnsmasq.git/blob - CHANGELOG
Release Notes
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=commit%3Bh=eb92fb32b746f2104b0f370b5b295bb8dd4bd5e5

thekelleys.org.uk Git
https://thekelleys.org.uk/dnsmasq/doc.html

Dnsmasq - network services for small networks.
Product
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/

[SECURITY] Fedora 37 Update: dnsmasq-2.89-2.fc37 - package-announce - Fedora Mailing-Lists
https://capec.mitre.org/data/definitions/495.html

CAPEC - CAPEC-495: UDP Fragmentation (Version 3.9)
Not Applicable
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git%3Ba=blob%3Bf=CHANGELOG

thekelleys.org.uk Git
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OU2ZT4ITSEOOR2CFBAHK4Z67KXJIEWQA/

[SECURITY] Fedora 37 Update: dnsmasq-2.89-2.fc37 - package-announce - Fedora Mailing-Lists

Jump to

Vulnerability Details : CVE-2023-28450

Products affected by CVE-2023-28450

Threat overview for CVE-2023-28450

Exploit prediction scoring system (EPSS) score for CVE-2023-28450

CVSS scores for CVE-2023-28450

References for CVE-2023-28450