dnsmasq
cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*
A heap buffer overflow vulnerability has been identified in Dnsmasq's 'extract_name()' function. This vulnerability allows attackers to inject false entries into the DNS cache, potentially redirecting DNS queries to attacker-controlled IP addresses. Exploitation can also lead to a denial-of-service condition by causing Dnsmasq to crash or become unresponsive. The vulnerability affects Dnsmasq versions prior to 2.92rel2.
Exploitation of this vulnerability can cause Dnsmasq to crash or become unresponsive, disrupting DNS resolution and affecting services that rely on it. Furthermore, the vulnerability allows for DNS cache poisoning, where injected entries can redirect users to malicious domains.
Dnsmasq has released version 2.92rel2 to address this vulnerability. Users should update to this version.