PT-2023-2475 · Dnsmasq +9

Published: 2023-03-08 · Updated: 2025-02-03 · CVE-2023-28450

CVSS v3.1: 7.5 (High)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: Dnsmasq versions prior to 2.90

Description: An issue was discovered in Dnsmasq where the default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 due to DNS Flag Day 2020. This issue may allow a remote attacker to cause a denial of service.

Recommendations: For versions prior to 2.90, update to version 2.90 or later to resolve the issue. As a temporary workaround, consider setting the maximum EDNS.0 UDP packet size to 1232 to minimize the risk of exploitation.

Fix

Weakness Enumeration

Allocation of Resources Without Limits
Resource Exhaustion

Related Identifiers

ALSA-2023:6524
ALSA-2023:7046
ALT-PU-2023-1523
ALT-PU-2023-1548
ALT-PU-2023-1570
ALT-PU-2023-8012
ALT-PU-2024-3156
AZL-25660
BDU:2023-02265
CESA-2023_7046
CVE-2023-28450
DLA-3974-1
MGASA-2023-0153
OPENSUSE-SU-2024:12887-1
OPENSUSE-SU-2025_0071-1
RHSA-2023:6524
RHSA-2023:7046
RHSA-2023_6524
RHSA-2023_7046
RHSA-2024:1544
RHSA-2024:1545
RHSA-2024:4052
ROSA-SA-2023-2283
SUSE-SU-2023:1930-1
SUSE-SU-2023:2123-1
SUSE-SU-2023_1930-1
SUSE-SU-2023_2123-1
SUSE-SU-2025:0071-1
SUSE-SU-2025:20118-1
USN-6034-1
USN-6657-1
USN-6657-2

Affected Products

ALT Linux
AlmaLinux
Astra Linux
CentOS
Dnsmasq
Linux Mint
Red Hat
RED OS
SUSE
Ubuntu