oss-sec mailing list archives

Re: Questionable CVE's reported against dnsmasq

From: Douglas Bagnall <douglas.bagnall () catalyst net nz>
Date: Thu, 30 Oct 2025 13:46:06 +1300

On 28/10/25 14:49, Solar Designer wrote:

At this point, I think we want to hear from VulDB on this, and from
MITRE on their requirements for CNAs in general and VulDB in particular
to review CVE requests before assignment.  Maybe VulDB is in violation.

Samba has had at least one bogus CVE claim from a different CNA(mitre.org), but it is in some sort of "reserved" rather than "issued"state. That means that searching for the CVE number returns a singleresult -- the claimant's LinkedIn profile.

This would be the perfect outcome for all parties if we had not beenrequired to spend hours confirming the report was bogus.


Alan Coopersmith wrote:

The folks on the dnsmasq mailing list also pointed out the version claimed is
a release candidate from 10 years ago, not anything current:


We also see this pattern.

Douglas

Current thread:

Re: Questionable CVE's reported against dnsmasq, (continued)
- - - Re: Questionable CVE's reported against dnsmasq Stuart Henderson (Oct 28)
    - Re: Questionable CVE's reported against dnsmasq Salvatore Bonaccorso (Oct 29)
    - Re: Questionable CVE's reported against dnsmasq Petr Menšík (Oct 31)
    - Re: Questionable CVE's reported against dnsmasq Sebastian Pipping (Oct 31)
  - Re: Questionable CVE's reported against dnsmasq Jeffrey Walton (Oct 27)
- Re: Questionable CVE's reported against dnsmasq Moritz Mühlenhoff (Oct 27)
  - Re: Questionable CVE's reported against dnsmasq Collin Funk (Oct 27)
  - Re: Questionable CVE's reported against dnsmasq Michael Orlitzky (Oct 27)
    - Re: Questionable CVE's reported against dnsmasq Hank Leininger (Oct 27)
    - Re: Questionable CVE's reported against dnsmasq Solar Designer (Oct 27)
    - Re: Questionable CVE's reported against dnsmasq Douglas Bagnall (Oct 29)
    - Re: Questionable CVE's reported against dnsmasq Art Manion (Oct 31)
    - Re: Questionable CVE's reported against dnsmasq Solar Designer (Oct 31)
    - Re: Questionable CVE's reported against dnsmasq Art Manion (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Russ Allbery (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Collin Funk (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Solar Designer (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Jeremy Stanley (Nov 02)
    - Re: Questionable CVE's reported against dnsmasq Demi Marie Obenour (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Russ Allbery (Nov 01)
    - Re: Questionable CVE's reported against dnsmasq Peter Gutmann (Nov 03)

(Thread continues...)