CERT/CC and CISA Report Multiple Vulnerabilities in Dnsmasq

01/21/2021 07:13 AM EST


release date: January 21, 2021

CISA and the CERT Coordination Center (CERT/CC) are aware of multiple
vulnerabilities affecting Dnsmasq version 2.82 and prior. Dnsmasq is a
widely-used, open-source software that provides Domain Name Service forwarding
and caching and is common in Internet-of-Things (IoT) and other embedded
devices. A remote attacker could exploit some of these vulnerabilities to take
control of an affected system.

CISA encourages users and vendors of IoT and embedded devices that use
Dnsmasq to review CERT/CC VU#434904
and CISA ICSA-21-019-01
for more information and to apply the necessary update. Refer to vendors
for appropriate patches, when available.