vulnerability
FreeBSD: VID-5b72b1ff-877c-11eb-bd4f-2f1d57dafe46 (CVE-2021-3448): dnsmasq -- cache poisoning vulnerability in certain configurations
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 4 | (AV:N/AC:M/Au:N/C:N/I:P/A:N) | Mar 18, 2021 | Mar 18, 2021 | Dec 10, 2025 |
Severity
4
CVSS
(AV:N/AC:M/Au:N/C:N/I:P/A:N)
Published
Mar 18, 2021
Added
Mar 18, 2021
Modified
Dec 10, 2025
Description
Simon Kelley reports: [In configurations where the forwarding server address contains an @ character for specifying a sending interface or source address, the] random source port behavior was disabled, making cache poisoning attacks possible. This only affects configurations of the form server=1.1.1.1@em0 or [email protected], i. e. those that specify an interface to send through, or an IP address to send from, or use together with NetworkManager.
Solutions
freebsd-upgrade-package-dnsmasqfreebsd-upgrade-package-dnsmasq-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.