Description
dnsmasq's extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could redirect DNS lookups to an attacker-controlled IP address, or to cause a DoS.
Published: 2026-05-11
Score: 6.5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

dnsmasq’s extract_name() function contains a heap buffer overflow that can be triggered by specially crafted DNS queries. The overflow can overwrite portions of the DNS cache, allowing an attacker to insert arbitrary domain‑to‑IP mappings. This can redirect traffic to malicious hosts or, if exploited to corrupt critical cache entries, interrupt DNS resolution for clients, effectively causing a denial of service.

Affected Systems

The vulnerability applies to the dnsmasq daemon. The advisory does not list specific version numbers, so all deployments of dnsmasq are considered potentially vulnerable until a release that removes the flaw is installed. System administrators should verify the version of dnsmasq running on each DNS host and compare it against vendor updates.

Risk and Exploitability

The EPSS score is < 1% and the vulnerability is not listed in CISA’s KEV catalog, so the exploitation probability is low but non‑zero. However, the flaw is reachable through DNS queries sent over the network, requires no local privilege, and provides a direct remote attack path to alter DNS cache contents or crash the service. Because the attack can come from any remote host that can send DNS packets to the daemon, the risk is significant for exposed DNS servers that do not employ strict access controls or additional validation.

Generated by OpenCVE AI on May 13, 2026 at 03:20 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update dnsmasq to the latest released version that contains the fix, following vendor advisories
  • Restrict inbound DNS traffic to trusted network segments or specific IP addresses using firewall rules, limiting which hosts can query the server
  • Implement DNSSEC validation and monitor cache integrity to detect unexpected changes, reducing the impact of any residual cache poisoning attempts


Advisories
Source | ID | Title
Debian DSA | DSA-6264-1 | dnsmasq security update
History

Wed, 13 May 2026 02:45:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-20

Wed, 13 May 2026 00:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-131
References
Metrics threat_severity

None

cvssV3_1

{'score': 6.5, 'vector': 'CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H'}

threat_severity

Moderate


Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 19:30:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 19:15:00 +0000

Type Values Removed Values Added
Weaknesses CWE-122
CWE-20

Mon, 11 May 2026 18:45:00 +0000

Type Values Removed Values Added
First Time appeared Dnsmasq
Dnsmasq dnsmasq
Vendors & Products Dnsmasq
Dnsmasq dnsmasq
References

Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description dnsmasq's extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could redirect DNS lookups to an attacker-controlled IP address, or to cause a DoS.
Title CVE-2026-2291
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-05-11T19:59:05.194Z

Reserved: 2026-02-10T15:41:17.169Z

Link: CVE-2026-2291

Vulnrichment

No data.

NVD

Status : Awaiting Analysis

Published: 2026-05-11T18:16:31.363

Modified: 2026-05-12T14:15:46.747

Link: CVE-2026-2291

Redhat

Severity : Moderate

Public Date: 2026-05-09T00:00:00Z

Links: CVE-2026-2291 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T03:30:06Z

Weaknesses