PatchSiren cyber security CVE debrief

CVE-2026-5172 dnsmasq CVE debrief

CVE-2026-5172 is a high-severity buffer overflow vulnerability in dnsmasq's extract_addresses() function. A malformed DNS response can cause extract_name() to advance the parsing pointer past the end of the record, producing a heap out-of-bounds read and a crash. The vulnerability has a CVSS score of 7.3 and is classified as HIGH. The CVE was published on May 11, 2026, and last modified on June 30, 2026.

Vendor: dnsmasq
Product: Unknown
CVSS: HIGH 7.3
CISA KEV: Not listed in stored evidence
Original CVE published: 2026-05-11
Original CVE updated: 2026-06-30
Advisory published: 2026-05-11
Advisory updated: 2026-06-30

Who should care

Organizations running dnsmasq in their infrastructure should prioritize patching this vulnerability, since an attacker can exploit it to cause a denial-of-service (DoS) condition. Security teams should review their inventory of affected systems and apply patches or mitigations as soon as possible.

Technical summary

The vulnerability exists in dnsmasq's extract_addresses() function, which parses DNS responses. Because the response is not validated properly, a malformed response can cause extract_name() to advance the parsing pointer past the end of the record, so subsequent reads go beyond the allocated buffer (a heap out-of-bounds read) and the process crashes. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.
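To illustrate the defensive property the summary describes (a name decoder must check every read against the end of the packet, never only against the current label), the following C function is an added example. It is a hypothetical, self-contained decoder and is not dnsmasq's extract_name() or code derived from the actual fix; the sample packet bytes are constructed for the demonstration.

```c
#include <stdint.h>
#include <stddef.h>
#include <string.h>
#include <stdio.h>

/* Hypothetical bounded DNS name decoder (added example, not dnsmasq's
 * extract_name()). Starting at byte `off` of `pkt`, it walks the labels,
 * writes the dotted name to `out`, and returns the offset of the first byte
 * after the name in the packet. Every read is checked against `len`, so a
 * malformed or truncated name returns -1 instead of reading past the end. */
long dns_name_read(const uint8_t *pkt, size_t len, size_t off,
                   char *out, size_t outlen)
{
    size_t o = 0;     /* bytes written to out */
    long end = -1;    /* offset just past the name at its original position */

    if (outlen == 0)
        return -1;
    for (;;) {
        if (off >= len)                 /* the length byte itself is out of bounds */
            return -1;
        uint8_t l = pkt[off];

        if (l == 0) {                   /* root label terminates the name */
            if (end < 0) end = (long)(off + 1);
            break;
        }
        if ((l & 0xC0) == 0xC0) {       /* RFC 1035 compression pointer */
            if (off + 1 >= len)
                return -1;
            size_t target = ((size_t)(l & 0x3F) << 8) | pkt[off + 1];
            if (end < 0) end = (long)(off + 2);
            if (target >= off)          /* pointers must go backwards; this also
                                           rules out self-references and loops */
                return -1;
            off = target;
            continue;
        }
        if (l > 63)                     /* 0x40 / 0x80 prefixes are reserved */
            return -1;
        if (off + 1 + l > len)          /* label would run past the packet end */
            return -1;
        if (o + (o ? 1 : 0) + l + 1 > outlen)   /* room for '.', label and NUL */
            return -1;
        if (o) out[o++] = '.';
        memcpy(out + o, pkt + off + 1, l);
        o += l;
        off += 1 + l;
    }
    out[o] = '\0';
    return end;
}

/* Constructed sample bytes: "www.example.com" at offset 0, then "mail" plus a
 * compression pointer back to "example.com" (offset 4) at offset 17. */
static const uint8_t sample[] = {
    3, 'w', 'w', 'w', 7, 'e', 'x', 'a', 'm', 'p', 'l', 'e', 3, 'c', 'o', 'm', 0,
    4, 'm', 'a', 'i', 'l', 0xC0, 0x04,
};

/* Decode and, when `expect` is given, compare; returns the end offset on
 * success, -1 on a bounds or format error, -2 on a name mismatch. */
static long check_name(const uint8_t *pkt, size_t len, size_t off, const char *expect)
{
    char out[256];
    long rc = dns_name_read(pkt, len, off, out, sizeof out);
    if (rc < 0) return rc;
    if (expect && strcmp(out, expect) != 0) return -2;
    return rc;
}

long demo_plain_name(void) { return check_name(sample, sizeof sample, 0, "www.example.com"); }
long demo_compressed(void) { return check_name(sample, sizeof sample, 17, "mail.example.com"); }
/* Same bytes, but the caller only has the first 10: the second label would
 * run past the end, so the decoder refuses instead of reading out of bounds. */
long demo_truncated(void)  { return check_name(sample, 10, 0, NULL); }
long demo_forward_pointer(void)
{
    static const uint8_t p[] = { 0xC0, 0x02, 0 };   /* pointer to a later offset */
    return check_name(p, sizeof p, 0, NULL);
}

int main(void)
{
    printf("plain: %ld  compressed: %ld  truncated: %ld  forward pointer: %ld\n",
           demo_plain_name(), demo_compressed(), demo_truncated(), demo_forward_pointer());
    return 0;
}
```

The important design point is that the packet length `len` is the only bound that matters: the label length byte comes from untrusted data, so `off + 1 + l` is compared against `len` before the label is copied, and the returned end offset lets the caller verify that the name stayed inside the record it belongs to.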

Defensive priority

Patching should be treated as high priority: the flaw is reachable over the network without authentication or user interaction (AV:N/PR:N/UI:N) and results in a crash of the resolver, i.e. a DoS condition.

Recommended defensive actions

  • Apply patches or updates to dnsmasq to fix the buffer overflow vulnerability.
  • Review inventory of affected systems and prioritize patching.
  • Implement network segmentation to limit the attack surface.
  • Monitor DNS responses for suspicious activity.
  • Consider implementing compensating controls, such as rate limiting or IP blocking.

Evidence notes

The CVE record and the NVD entry provide the core information on the vulnerability, including its CVSS score and vector. Additional references, such as GitHub pull requests and CERT advisories, provide further context and possible mitigations.

Official resources

This article is AI-assisted and based on the supplied source corpus.