{"id":"DEBIAN-CVE-2015-3294","details":"The tcp_request function in Dnsmasq before 2.73rc4 does not properly handle the return value of the setup_reply function, which allows remote attackers to read process memory and cause a denial of service (out-of-bounds read and crash) via a malformed DNS request.","modified":"2026-04-28T20:14:21.971677Z","published":"2015-05-08T14:59:05.527Z","upstream":["CVE-2015-3294"],"references":[{"type":"ADVISORY","url":"https://security-tracker.debian.org/tracker/CVE-2015-3294"}],"affected":[{"package":{"name":"dnsmasq","ecosystem":"Debian:11","purl":"pkg:deb/debian/dnsmasq?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.72-3.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2015-3294.json"}},{"package":{"name":"dnsmasq","ecosystem":"Debian:12","purl":"pkg:deb/debian/dnsmasq?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.72-3.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2015-3294.json"}},{"package":{"name":"dnsmasq","ecosystem":"Debian:13","purl":"pkg:deb/debian/dnsmasq?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.72-3.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2015-3294.json"}},{"package":{"name":"dnsmasq","ecosystem":"Debian:14","purl":"pkg:deb/debian/dnsmasq?arch=source"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"2.72-3.1"}]}],"ecosystem_specific":{"urgency":"not yet assigned"},"database_specific":{"source":"https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2015-3294.json"}}],"schema_version":"1.7.5"}