CVE-2025-12198

Name of the Vulnerable Software and Affected Versions dnsmasq versions up to 2.73rc6

Description A flaw exists in dnsmasq that involves a heap-based buffer overflow. This issue is located within the Config File Handler component, specifically in the parse hex function of the src/util.c file. The issue arises from the manipulation of the i argument. Local access is required for exploitation. The exploit for this issue has been publicly disclosed, and the vendor was notified but did not respond.

Recommendations Versions prior to 2.73rc6 are affected. At the moment, there is no information about a newer version that contains a fix for this vulnerability.