Preface: On August 27, 2015 Cisco announced it has completed the acquisition of OpenDNS (now branded as Cisco Umbrella). Perhaps they predict that this day will come.

Background: dnsmasq is free software providing Domain Name System (DNS) caching, a Dynamic Host Configuration Protocol (DHCP) server,
router advertisement and network boot features, intended for small computer networks. Dnsmasq is common in Internet-of-Things (IoT) and other embedded devices.

Vulnerability details: Dnsmasq is vulnerable to memory corruption and cache poisoning. For more details, please see the follow links: https://kb.cert.org/vuls/id/434904

Workarounds:

• Configure dnsmasqnot to listen on WAN interfaces
• Reduce the maximum queries (–dns-forward-max=). The default is 150.
• Do a patching
• Use protocols that provide transport security for DNS (DoT or DoH)
• Reducing the maximum size of EDNS message (Recommendations related to RFC5625)