DEBIAN-CVE-2023-28450

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/DEBIAN-CVE-2023-28450

Import Source

https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2023-28450.json

JSON Data

https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2023-28450

Upstream

CVE-2023-28450

Published

2023-03-15T21:15:09Z

Modified

2025-09-19T07:33:17.003534Z

Summary

[none]

Details

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

References

https://security-tracker.debian.org/tracker/CVE-2023-28450

Affected packages

Debian:11 / dnsmasq

Package

Name: dnsmasq
Purl: pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.85-1+deb11u1

Affected versions

2.*

2.85-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / dnsmasq

Package

Name: dnsmasq
Purl: pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.90-4~deb12u1

Affected versions

2.*

2.89-1

2.90-1

2.90-2

2.90-3

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / dnsmasq

Package

Name: dnsmasq
Purl: pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.90-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / dnsmasq

Package

Name: dnsmasq
Purl: pkg:deb/debian/dnsmasq?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.90-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}