A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the --dhcp-split-relay option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).
To mitigate this issue, ensure that the dnsmasq service is not configured with the --dhcp-split-relay option. If this option is currently in use, remove it from the dnsmasq configuration. After modifying the configuration, the dnsmasq service must be restarted for the changes to take effect. This may temporarily interrupt DHCP and DNS services provided by dnsmasq.