PatchSiren cyber security CVE debrief
CVE-2026-5172 dnsmasq CVE debrief
CVE-2026-5172 is a high-severity buffer overflow vulnerability in dnsmasq's extract_addresses() function. An attacker can exploit this vulnerability to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end. The vulnerability has a CVSS score of 7.3 and is classified as HIGH. The CVE was published on May 11, 2026, and last modified on June 30, 2026.
- Vendor
- dnsmasq
- Product
- Unknown
- CVSS
- HIGH 7.3
- CISA KEV
- Not listed in stored evidence
- Original CVE published
- 2026-05-11
- Original CVE updated
- 2026-06-30
- Advisory published
- 2026-05-11
- Advisory updated
- 2026-06-30
Who should care
Organizations using dnsmasq in their infrastructure should prioritize patching this vulnerability. The vulnerability can be exploited by an attacker to cause a denial-of-service (DoS) condition. Additionally, security teams should review their inventory of affected systems and apply patches or mitigations as soon as possible.
Technical summary
The vulnerability exists in the extract_addresses() function of dnsmasq, where an attacker can exploit a malformed DNS response to trigger a heap out-of-bounds read. This can cause the program to crash. The vulnerability is due to improper handling of DNS responses, allowing an attacker to advance the pointer past the record's end using the extract_name() function. The CVSS vector for this vulnerability is CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L.
Defensive priority
High priority should be given to patching this vulnerability, as it can be exploited to cause a DoS condition. Security teams should review their inventory of affected systems and apply patches or mitigations as soon as possible.
Recommended defensive actions
- Apply patches or updates to dnsmasq to fix the buffer overflow vulnerability.
- Review inventory of affected systems and prioritize patching.
- Implement network segmentation to limit the attack surface.
- Monitor DNS responses for suspicious activity.
- Consider implementing compensating controls, such as rate limiting or IP blocking.
Evidence notes
The CVE record and NVD detail provide information on the vulnerability, including its CVSS score and vector. Additional references, such as GitHub pull requests and CERT advisories, provide further context and potential mitigations.
Official resources
-
CVE-2026-5172 CVE record
CVE.org
-
CVE-2026-5172 NVD detail
NVD
-
Source item URL
nvd_modified
- Source reference
- Source reference
- Source reference
- Source reference
- Source reference
- Source reference
-
Source reference
0b0ca135-0b70-47e7-9f44-1890c2a1c46c
This article is AI-assisted and based on the supplied source corpus.