CVE-2026-12725

medium

Description

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply such a DNS response may crash the dnsmasq process, resulting in denial of service.

References

https://bugzilla.redhat.com/show_bug.cgi?id=2490763

https://access.redhat.com/security/cve/CVE-2026-12725

Details

Source: Mitre, NVD

Published: 2026-06-22

Updated: 2026-06-22

Risk Information

CVSS v2

Base Score: 5.4

Vector: CVSS2#AV:N/AC:H/Au:N/C:N/I:N/A:C

Severity: Medium

CVSS v3

Base Score: 5.9

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H