CVE-2026-5172

Summary

A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.

Affected Software

VendorProductVersion RangeStatus
dnsmasqdnsmasq0 < 2.92rel2affected

Weaknesses

  • CWE-787: Out-of-bounds Write

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

dnsmasq: extract_addresses() OOB read via malformed rdlen

Additional References

References