PT-2026-39648 · Dnsmasq+3 · Dnsmasq+3

Andrew Fasano

+4

·

Published

2026-05-09

·

Updated

2026-06-18

·

CVE-2026-2291

CVSS v3.1

7.3

High

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
Name of the Vulnerable Software and Affected Versions dnsmasq (affected versions not specified)
Description The extract name() function can be abused to cause a heap buffer overflow, a condition where data exceeds the allocated memory buffer on the heap. This allows an attacker to inject false DNS cache entries, potentially redirecting DNS lookups to an attacker-controlled IP address or causing a Denial of Service (DoS).
Recommendations At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Found an issue in the description? Have something to add? Feel free to write us 👾

Related Identifiers

ALSA-2026:19158
ALSA-2026:19373
ALSA-2026:20589
CVE-2026-2291
OESA-2026-2435
OESA-2026-2436
OESA-2026-2437
OESA-2026-2438
OESA-2026-2509
OPENSUSE-SU-2026:10821-1
RHSA-2026:19158
RHSA-2026:19373
RHSA-2026:20589
SUSE-SU-2026:2458-1
USN-8268-1

Affected Products

Linuxmint
Rocky Linux
Ubuntu
Dnsmasq