Dnsmasq is prone to a remotely exploitable heap-overflow vulnerability because the software fails to properly bounds-check user-supplied input before copying it into an insufficiently sized memory buffer. Remote attackers can exploit this issue to execute arbitrary machine code in the context of the vulnerable software on the targeted user's computer. Dnsmasq is also prone to a NULL-pointer dereference vulnerability. An attacker can exploit this issue to crash the affected application, denying service to legitimate users. NOTE: The TFTP service must be enabled for this issue to be exploitable this is not the default. Versions *prior to* Dnsmasq 2.50 are vulnerable.
Updates are available. Please see the references for more information.