Alberto Soliato Testa

**Name of the Vulnerable Software and Affected Versions** dnsmasq versions prior to 2.50 **Description** The issue is related to a heap-based buffer overflow in the tftp request function in tftp.c, which might allow remote attackers to execute arbitrary code via a long filename in a TFTP packet, such as a read (RRQ) request. This can be exploited when the --enable-tftp option is used. The vulnerability can lead to disruption of confidentiality, integrity, and availability of protected information. Exploitation can be done remotely. **Recommendations** For dnsmasq versions prior to 2.50, update to version 2.50 or later to resolve the issue. As a temporary workaround, consider disabling the `tftp request` function or the --enable-tftp option until a patch is available. Restrict access to the TFTP service to minimize the risk of exploitation.