dnsmasq Heap-Based Out-of-Bounds Read Vulnerability in DNSSEC Validation Allowing Denial-of-Service

Vulnerability

A heap-based out-of-bounds read vulnerability has been identified in dnsmasq's DNSSEC validation. A remote attacker can trigger it by sending a crafted DNS packet, which can leak memory information and can lead to a denial-of-service condition in which the dnsmasq process crashes or becomes unresponsive.

Impact

Exploitation of this vulnerability causes a denial-of-service condition, where dnsmasq crashes or becomes unresponsive, disrupting DNS resolution and affecting services that rely on it.

Remediation

dnsmasq has released a patch in version 2.92rel2 to address this vulnerability. Users should upgrade to this version.

Added: May 11, 2026, 6:56 PM
Updated: May 11, 2026, 6:56 PM

Vulnerability Rating

Custom Algorithm

spread: 8.1
impact: 2.5
exploitability: 7.7
remediation: 7.7
relevance: 8.0
threat: 3.2
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.