CVE-2026-12969

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

CVE-2026-12969

Dnsmasq has an out-of-bounds read in find_soa() (src/rfc1035.c) when parsing NS records; extract_name() is called with extrabytes=0 and does not validate that 10 extra bytes exist for fixed-length DNS fields. A remote attacker controlling a DNS zone could exploit a crafted NXDOMAIN response to pe...

CVE-2026-12969 Dnsmasq: dnsmasq: out-of-bounds read in find_soa() due to missing extrabytes validation

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

CVE-2026-12969

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

EUVD-2026-38449

An out-of-bounds read vulnerability exists in dnsmasq's findsoa function in src/rfc1035.c. When parsing NS section records, extractname is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can...

UBUNTU-CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validat...

CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

CVE-2026-12725

CVE-2026-12725 affects dnsmasq. The flaw is a heap-based buffer overflow in the log_query() path when DNSSEC validation and query logging are both enabled and DNS responses contain DS/DNSKEY records with unsupported algorithm or digest types. This can cause dnsmasq to write past the end of an int...

CVE-2026-12725

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

CVE-2026-12725 Dnsmasq: dnsmasq: heap buffer overflow in log_query() when logging unsupported ds/dnskey replies

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply su...

Debian dla-4625 : dnsmasq - security update

The remote Debian 11 host has packages installed that are affected by multiple vulnerabilities as referenced in the dla-4625 advisory. - ------------------------------------------------------------------------- Debian LTS Advisory DLA-4625-1 [email protected]...

[SECURITY] [DLA 4625-1] dnsmasq security update

------------------------------------------------------------------------- Debian LTS Advisory DLA-4625-1 [email protected] https://www.debian.org/lts/security/ Arnaud Rebillout June 10, 2026 https://wiki.debian.org/LTS -...

TencentOS Server 4: dnsmasq (TSSA-2026:0344)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0344 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Photon OS 5.0: Dnsmasq PHSA-2026-5.0-0866

An update of the dnsmasq package has been released. %NASLMINLEVEL 80900 C Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2026-5.0-0866. The text itself is copyright C VMware, Inc. include'compat.inc'; if description...

Slackware Linux 15.0 / current dnsmasq Vulnerability (SSA:2026-155-01)

The version of dnsmasq installed on the remote host is prior to 2.93. It is, therefore, affected by a vulnerability as referenced in the SSA:2026-155-01 advisory. New dnsmasq packages are available for Slackware 15.0 and -current to fix a security issue. Tenable has extracted the preceding...

Important Photon OS Security Update - PHSA-2026-5.0-0866

Updates of 'dnsmasq' packages of Photon OS have been released...

CVE-2026-35521

FTLDNS pihole-FTL provides an interactive API and also generates statistics for Pi-hole's Web interface. From 6.0 to before 6.6, the Pi-hole FTL engine contains a Remote Code Execution RCE vulnerability in the DHCP hosts configuration parameter dhcp.hosts. This vulnerability allows an authenticat...

CVE-2026-2291 affecting package dnsmasq for versions less than 2.92-1

CVE-2026-2291 affecting package dnsmasq for versions less than 2.92-1. A patched version of the package is available...

CVE-2026-4891 affecting package dnsmasq for versions less than 2.92-1

CVE-2026-4891 affecting package dnsmasq for versions less than 2.92-1. A patched version of the package is available...

CVE-2026-4890 affecting package dnsmasq for versions less than 2.92-1

CVE-2026-4890 affecting package dnsmasq for versions less than 2.92-1. A patched version of the package is available...