CVE-2021-3448 - A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a

CVE-2021-3448

Summary

A flaw was found in dnsmasq in versions before 2.85. When configured to use a specific server for a given network interface, dnsmasq uses a fixed port while forwarding queries. An attacker on the network, able to find the outgoing port used by dnsmasq, only needs to guess the random transmission ID to forge a reply and get it accepted by dnsmasq. This flaw makes a DNS Cache Poisoning attack much easier. The highest threat from this vulnerability is to data integrity.

References

Vulnerable Configurations

cpe:2.3:a:thekelleys:dnsmasq:-:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:-:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.4:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.4:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.5:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.5:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.6:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.6:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.7:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.7:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.95:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.95:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.96:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.96:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.98:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.98:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.992:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.992:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.996:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:0.996:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.0:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.0:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.2:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.2:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.3:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.3:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.4:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.4:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.5:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.5:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.6:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.6:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.7:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.7:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.8:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.8:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.9:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.9:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.10:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.10:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.11:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.11:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.12:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.12:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.13:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.13:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.14:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.14:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.15:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.15:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.16:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.16:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.17:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.17:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.18:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:1.18:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.0:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.0:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.1:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.1:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.2:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.2:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.3:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.3:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.4:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.4:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.5:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.5:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.6:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.6:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.7:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.7:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.8:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.8:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.9:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.9:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.10:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.10:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.11:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.11:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.12:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.12:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.13:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.13:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.14:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.14:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.15:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.15:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.16:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.16:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.17:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.17:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.18:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.18:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.19:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.19:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.20:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.20:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.21:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.21:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.22:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.22:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.23:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.23:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.24:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.24:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.25:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.25:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.26:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.26:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.27:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.27:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.28:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.28:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.29:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.29:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.30:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.30:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.31:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.31:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.33:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.33:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.34:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.34:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.35:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.35:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.36:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.36:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.37:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.37:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.38:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.38:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.39:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.39:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.40:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.40:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.41:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.41:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.42:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.42:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.43:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.43:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.44:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.44:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.45:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.45:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.46:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.46:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.47:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.47:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.48:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.48:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.49:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.49:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.50:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.50:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.51:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.51:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.52:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.52:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.53:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.53:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.54:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.54:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.55:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.55:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.56:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.56:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.57:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.57:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.58:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.58:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.59:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.59:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.60:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.60:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.61:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.61:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.62:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.62:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.63:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.63:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.64:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.64:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.65:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.65:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.66:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.66:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.67:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.67:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.68:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.68:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.69:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.69:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.70:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.70:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.71:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.71:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.72:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.72:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.73:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.73:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.74:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.74:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.75:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.75:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.76:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.76:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.77:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.77:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.78:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.78:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.79:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.79:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.80:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.80:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.81:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.81:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.82:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.82:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.83:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.83:*:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.84:-:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.84:-:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.84:rc1:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.84:rc1:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.84:rc2:*:*:*:*:*:*
cpe:2.3:a:thekelleys:dnsmasq:2.84:rc2:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:34:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*
cpe:2.3:a:oracle:communications_cloud_native_core_network_function_cloud_native_environment:1.9.0:*:*:*:*:*:*:*

CVSS

Base:	4.3 (as of 27-10-2022 - 12:45)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	MEDIUM	NONE

Impact

Confidentiality	Integrity	Availability
NONE	PARTIAL	NONE

cvss-vector via4

AV:N/AC:M/Au:N/C:N/I:P/A:N

Last major update

27-10-2022 - 12:45

Published

08-04-2021 - 23:15

Last modified

27-10-2022 - 12:45