Hugo Martinez

**Name of the Vulnerable Software and Affected Versions** dnsmasq (affected versions not specified) **Description** A buffer overflow in the `extract addresses()` function allows an attacker to trigger a heap out-of-bounds read and cause a crash. This occurs when a malformed DNS response is processed, enabling the `extract name()` function to advance the pointer beyond the end of the record. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.

**Name of the Vulnerable Software and Affected Versions** dnsmasq (affected versions not specified) **Description** The `extract name()` function can be abused to cause a heap buffer overflow, a condition where data exceeds the allocated memory buffer on the heap. This allows an attacker to inject false DNS cache entries, potentially redirecting DNS lookups to an attacker-controlled IP address or causing a Denial of Service (DoS). **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.