CVE-2023-28450

Public on 2023-03-15
Modified on 2024-04-29
Description
An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.
Severity
Medium severity
Medium
CVSS v3 Base Score
6.5
See breakdown

Affected Packages

Platform Package Release Date Advisory Status
Amazon Linux 1 dnsmasq 2023-06-05 ALAS-2023-1758 Fixed
Amazon Linux 2 - Dnsmasq2.85 Extra dnsmasq Pending Fix
Amazon Linux 2 - Core dnsmasq 2023-06-05 ALAS2-2023-2069 Fixed
Amazon Linux 2 - Dnsmasq Extra dnsmasq 2023-08-07 ALAS2DNSMASQ-2023-001 Fixed
Amazon Linux 2023 dnsmasq 2023-06-05 ALAS2023-2023-192 Fixed

CVSS Scores

Score Type Score Vector
Amazon Linux CVSSv3 6.5 CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
NVD CVSSv3 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

References

Red Hat: CVE-2023-28450 Mitre: CVE-2023-28450