CVE-2026-12725
Public on 2026-06-22
Modified on 2026-06-24
Description
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and
query logging are both enabled, logging of DS or DNSKEY replies containing
unsupported algorithm or digest types can cause dnsmasq to write past the end
of an internal logging buffer. A remote attacker able to supply such a DNS
response may crash the dnsmasq process, resulting in denial of service.
query logging are both enabled, logging of DS or DNSKEY replies containing
unsupported algorithm or digest types can cause dnsmasq to write past the end
of an internal logging buffer. A remote attacker able to supply such a DNS
response may crash the dnsmasq process, resulting in denial of service.
CVSS v3 Base Score
See breakdown
Affected Packages
| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Dnsmasq Extra | dnsmasq | Pending Fix | ||
| Amazon Linux 2 - Core | dnsmasq | Not Affected | ||
| Amazon Linux 2 - Dnsmasq2.85 Extra | dnsmasq | No Fix Planned | ||
| Amazon Linux 2023 | dnsmasq | Pending Fix |
CVSS Scores
| Score Type | Score | Vector | |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 5.9 | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |