PatchSiren

dnsmasq CVE debriefs

These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.

HIGH dnsmasq CVE published 2026-05-11

CVE-2026-5172

CVE-2026-5172 is a high-severity buffer overflow vulnerability in dnsmasq's extract_addresses() function. An attacker can exploit this vulnerability to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end. The vulnerability has a CVSS score of 7.3 and is classified as HIGH. The CVE was published on May 11, [truncated]

HIGH dnsmasq CVE published 2026-05-11

CVE-2026-4892

CVE-2026-4892 is a heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq. This vulnerability allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet. The vulnerability has a CVSS score of 8.4 and is classified as HIGH severity. The CVE was published on May 11, 2026, and last modified on June 30, 2026. The vulnerability affects dnsmas [truncated]

HIGH dnsmasq CVE published 2026-05-11

CVE-2026-4890

CVE-2026-4890 is a high-severity Denial of Service (DoS) vulnerability in dnsmasq's DNSSEC validation. Remote attackers can exploit this vulnerability via a crafted DNS packet, potentially causing service disruption. The vulnerability has a CVSS score of 7.5 and is considered HIGH severity. The CVE was published on May 11, 2026, and last modified on June 30, 2026. The vendor information is currently unkno [truncated]