Dnsmasq before 2.76 allows remote servers to cause a denial of service (crash) via a reply with an empty DNS address that has an (1) A or (2) AAAA record defined locally.
{ "binaries": [ { "binary_name": "dnsmasq", "binary_version": "2.75-1ubuntu0.16.04.1" }, { "binary_name": "dnsmasq-base", "binary_version": "2.75-1ubuntu0.16.04.1" }, { "binary_name": "dnsmasq-utils", "binary_version": "2.75-1ubuntu0.16.04.1" } ], "ubuntu_priority": "medium", "availability": "No subscription required" }