ALPINE-CVE-2023-28450

ALPINE-CVE-2023-28450 PUBLISHED CVSS 7.5 HIGH

An issue was discovered in Dnsmasq before 2.90. The default maximum EDNS.0 UDP packet size was set to 4096 but should be 1232 because of DNS Flag Day 2020.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Alpine:v3.19	dnsmasq	2.86-r0, 2.86-r3, 2.86-r2
Alpine:v3.17	dnsmasq	2.86-r0, 2.86-r1, 2.86-r2
Alpine:v3.14	dnsmasq	2.85-r0, 0, 2.47-r0
Alpine:v3.18	dnsmasq	2.87-r0, 2.86-r5, 2.86-r4
Alpine:v3.15	dnsmasq	0, 0, 2.86-r1
Alpine:v3.23	dnsmasq	2.89-r0, 2.88-r1, 2.88-r0
Alpine:v3.22	dnsmasq	2.86-r5, 2.86-r0, 2.86-r1
Alpine:v3.16	dnsmasq	2.86-r0, 2.86-r1, 2.86-r2
Alpine:v3.21	dnsmasq	2.89-r0, 2.89-r1, 2.89-r2
Alpine:v3.20	dnsmasq	2.86-r0, 2.89-r2, 2.89-r1

Timeline

Mar 15, 2023 CVE Published
Dec 3, 2025 CVE Updated
Apr 30, 2026 Distribution Patch

References

https://security.alpinelinux.org/vuln/CVE-2023-28450 advisory

Open in Interactive Console →