5.9

CVE-2026-12725

Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey replies

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and
query logging are both enabled, logging of DS or DNSKEY replies containing
unsupported algorithm or digest types can cause dnsmasq to write past the end
of an internal logging buffer. A remote attacker able to supply such a DNS
response may crash the dnsmasq process, resulting in denial of service.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
RedhatOpenshift Container Platform Version >= 4.0 <= 4.22.1
RedhatEnterprise Linux Version8.0
RedhatEnterprise Linux Version9.0
RedhatEnterprise Linux Version10.0
ThekelleysDnsmasq Version < 2.93
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 0.4% 0.323
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
secalert@redhat.com 5.9 2.2 3.6
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
CWE-122 Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

https://bugzilla.redhat.com/show_bug.cgi?id=2490763
Vendor Advisory
Issue Tracking
https://access.redhat.com/security/cve/CVE-2026-12725
Vendor Advisory
Mitigation