Are these real CVEs? VulDB entries for dnsmasq rely on replacing config files
6 months ago
- #dnsmasq
- #CVE
- #security
- Multiple questionable CVEs were reported against dnsmasq and Kamailio SIP server.
- The exploits require replacing the default configuration file with a malicious one, which is impractical since an attacker with such access can directly alter configurations.
- The issue highlights potential flaws in CVE assignment when exploits require unrealistic preconditions.