CVE-2023-28450

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-28450
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-28450.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-28450
Related
Published
2023-03-15T21:15:09Z
Modified
2025-02-26T22:49:42.553599Z
Downstream
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

References

Affected packages

Alpine:v3.14 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:apk/alpine/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.86-r3

Affected versions

2.*

2.46-r0
2.47-r0
2.49-r0
2.50-r0
2.50-r1
2.51-r0
2.52-r0
2.52-r1
2.55-r0
2.57-r0
2.58-r0
2.59-r0
2.59-r1
2.60-r0
2.61-r0
2.62-r0
2.63-r0
2.64-r0
2.65-r0
2.66-r0
2.66-r1
2.66-r2
2.67-r0
2.68-r0
2.69-r0
2.70-r0
2.71-r0
2.72-r0
2.72-r1
2.73-r0
2.75-r0
2.75-r1
2.75-r2
2.76-r0
2.76-r1
2.76-r2
2.76-r3
2.76-r4
2.77-r0
2.78-r0
2.78-r1
2.78-r2
2.79-r0
2.79-r1
2.79-r2
2.80-r0
2.80-r1
2.80-r2
2.80-r3
2.80-r4
2.80-r5
2.81-r0
2.81-r1
2.82-r0
2.83-r0
2.84-r0
2.85-r0
2.85-r1
2.85-r2
2.85-r3

Alpine:v3.15 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:apk/alpine/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.86-r2

Affected versions

2.*

2.86-r0
2.86-r1

Alpine:v3.16 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:apk/alpine/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.86-r4

Affected versions

2.*

2.86-r0
2.86-r1
2.86-r2
2.86-r3

Alpine:v3.17 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:apk/alpine/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.87-r2

Affected versions

2.*

2.86-r0
2.86-r1
2.86-r2
2.86-r3
2.86-r4
2.86-r5
2.87-r0
2.87-r1

Alpine:v3.18 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:apk/alpine/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.89-r3

Affected versions

2.*

2.86-r0
2.86-r1
2.86-r2
2.86-r3
2.86-r4
2.86-r5
2.87-r0
2.88-r0
2.88-r1
2.89-r0
2.89-r1
2.89-r2

Alpine:v3.19 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:apk/alpine/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.89-r3

Affected versions

2.*

2.86-r0
2.86-r1
2.86-r2
2.86-r3
2.86-r4
2.86-r5
2.87-r0
2.88-r0
2.88-r1
2.89-r0
2.89-r1
2.89-r2

Alpine:v3.20 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:apk/alpine/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.89-r3

Affected versions

2.*

2.86-r0
2.86-r1
2.86-r2
2.86-r3
2.86-r4
2.86-r5
2.87-r0
2.88-r0
2.88-r1
2.89-r0
2.89-r1
2.89-r2

Alpine:v3.21 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:apk/alpine/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.89-r3

Affected versions

2.*

2.86-r0
2.86-r1
2.86-r2
2.86-r3
2.86-r4
2.86-r5
2.87-r0
2.88-r0
2.88-r1
2.89-r0
2.89-r1
2.89-r2

Debian:11 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.85-1+deb11u1

Affected versions

2.*

2.85-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.90-4~deb12u1

Affected versions

2.*

2.89-1
2.90-1
2.90-2
2.90-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.90-1

Affected versions

2.*

2.89-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}