2017-10-02 21:00:00
mitre
PUBLISHED
In dnsmasq before 2.78, if the DNS packet size does not match the expected size, the size parameter in a memset call gets a negative value. As it is an unsigned value, memset ends up writing up to 0xffffffff zeros (0xffffffffffffffff in 64 bit platforms), making dnsmasq crash.