USN-6034-1
- Source
- https://ubuntu.com/security/notices/USN-6034-1
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6034-1.json
- JSON Data
- https://api.osv.dev/v1/vulns/USN-6034-1
- Upstream
- Related
- Published
- 2023-04-20T12:57:33.700746Z
- Modified
- 2025-10-13T04:36:24Z
- Summary
- dnsmasq vulnerability
- Details
-
It was discovered that Dnsmasq was sending large DNS messages over UDP, possibly causing transmission failures due to IP fragmentation. This update lowers the default maximum size of DNS messages to improve transmission reliability over UDP.
- References
Affected packages
Ubuntu:Pro:14.04:LTS / dnsmasq
Package
- Name
- dnsmasq
- Purl
- pkg:deb/ubuntu/dnsmasq@2.68-1ubuntu0.2+esm2?arch=source&distro=trusty/esm
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.68-1ubuntu0.2+esm2
Affected versions
2.*
2.66-4ubuntu1
2.67-1
2.68-1
2.68-1ubuntu0.1
2.68-1ubuntu0.2
2.68-1ubuntu0.2+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "dnsmasq",
"binary_version": "2.68-1ubuntu0.2+esm2"
},
{
"binary_name": "dnsmasq-base",
"binary_version": "2.68-1ubuntu0.2+esm2"
},
{
"binary_name": "dnsmasq-utils",
"binary_version": "2.68-1ubuntu0.2+esm2"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6034-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:14.04:LTS",
"cves": [
{
"id": "CVE-2023-28450",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
}
]
}
Ubuntu:Pro:16.04:LTS / dnsmasq
Package
- Name
- dnsmasq
- Purl
- pkg:deb/ubuntu/dnsmasq@2.79-1ubuntu0.16.04.1+esm2?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.79-1ubuntu0.16.04.1+esm2
Affected versions
2.*
2.75-1
2.75-1ubuntu0.16.04.1
2.75-1ubuntu0.16.04.2
2.75-1ubuntu0.16.04.3
2.75-1ubuntu0.16.04.4
2.75-1ubuntu0.16.04.5
2.75-1ubuntu0.16.04.7
2.75-1ubuntu0.16.04.8
2.75-1ubuntu0.16.04.10
2.75-1ubuntu0.16.04.10+esm1
2.79-1ubuntu0.16.04.1+esm1
Ecosystem specific
{
"binaries": [
{
"binary_name": "dnsmasq",
"binary_version": "2.79-1ubuntu0.16.04.1+esm2"
},
{
"binary_name": "dnsmasq-base",
"binary_version": "2.79-1ubuntu0.16.04.1+esm2"
},
{
"binary_name": "dnsmasq-base-lua",
"binary_version": "2.79-1ubuntu0.16.04.1+esm2"
},
{
"binary_name": "dnsmasq-utils",
"binary_version": "2.79-1ubuntu0.16.04.1+esm2"
}
],
"availability": "Available with Ubuntu Pro (Infra-only): https://ubuntu.com/pro"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6034-1.json"
cves_map
{
"ecosystem": "Ubuntu:Pro:16.04:LTS",
"cves": [
{
"id": "CVE-2023-28450",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
}
]
}
Ubuntu:18.04:LTS / dnsmasq
Package
- Name
- dnsmasq
- Purl
- pkg:deb/ubuntu/dnsmasq@2.79-1ubuntu0.7?arch=source&distro=bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.79-1ubuntu0.7
Affected versions
2.*
2.78-1
2.78-3
2.79-1
2.79-1ubuntu0.2
2.79-1ubuntu0.3
2.79-1ubuntu0.4
2.79-1ubuntu0.5
2.79-1ubuntu0.6
Ecosystem specific
{
"binaries": [
{
"binary_name": "dnsmasq",
"binary_version": "2.79-1ubuntu0.7"
},
{
"binary_name": "dnsmasq-base",
"binary_version": "2.79-1ubuntu0.7"
},
{
"binary_name": "dnsmasq-base-lua",
"binary_version": "2.79-1ubuntu0.7"
},
{
"binary_name": "dnsmasq-utils",
"binary_version": "2.79-1ubuntu0.7"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6034-1.json"
cves_map
{
"ecosystem": "Ubuntu:18.04:LTS",
"cves": [
{
"id": "CVE-2023-28450",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
}
]
}
Ubuntu:20.04:LTS / dnsmasq
Package
- Name
- dnsmasq
- Purl
- pkg:deb/ubuntu/dnsmasq@2.80-1.1ubuntu1.7?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.80-1.1ubuntu1.7
Affected versions
2.*
2.80-1ubuntu2
2.80-1ubuntu4
2.80-1.1ubuntu1
2.80-1.1ubuntu1.2
2.80-1.1ubuntu1.3
2.80-1.1ubuntu1.4
2.80-1.1ubuntu1.5
2.80-1.1ubuntu1.6
Ecosystem specific
{
"binaries": [
{
"binary_name": "dnsmasq",
"binary_version": "2.80-1.1ubuntu1.7"
},
{
"binary_name": "dnsmasq-base",
"binary_version": "2.80-1.1ubuntu1.7"
},
{
"binary_name": "dnsmasq-base-lua",
"binary_version": "2.80-1.1ubuntu1.7"
},
{
"binary_name": "dnsmasq-utils",
"binary_version": "2.80-1.1ubuntu1.7"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6034-1.json"
cves_map
{
"ecosystem": "Ubuntu:20.04:LTS",
"cves": [
{
"id": "CVE-2023-28450",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
}
]
}
Ubuntu:22.04:LTS / dnsmasq
Package
- Name
- dnsmasq
- Purl
- pkg:deb/ubuntu/dnsmasq@2.86-1.1ubuntu0.3?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed2.86-1.1ubuntu0.3
Ecosystem specific
{
"binaries": [
{
"binary_name": "dnsmasq",
"binary_version": "2.86-1.1ubuntu0.3"
},
{
"binary_name": "dnsmasq-base",
"binary_version": "2.86-1.1ubuntu0.3"
},
{
"binary_name": "dnsmasq-base-lua",
"binary_version": "2.86-1.1ubuntu0.3"
},
{
"binary_name": "dnsmasq-utils",
"binary_version": "2.86-1.1ubuntu0.3"
}
],
"availability": "No subscription required"
}
Database specific
source
"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-6034-1.json"
cves_map
{
"ecosystem": "Ubuntu:22.04:LTS",
"cves": [
{
"id": "CVE-2023-28450",
"severity": [
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "CVSS_V3",
"score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"
},
{
"type": "Ubuntu",
"score": "low"
}
]
}
]
}