Description
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.
Published: 2026-05-11
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a buffer overflow in dnsmasq's extract_addresses() function that leads to a heap out‑of‑bounds read. A malicious DNS responder can construct a malformed DNS response that causes the server to read past the end of a record, triggering a crash. This results in a denial of service of the DNS service, affecting the availability of name resolution for clients. The weakness corresponds to CWE‑125, an out‑of‑bounds read.

Affected Systems

The affected product is dnsmasq, an open‑source DNS and DHCP server, typically used on embedded and small‑scale networks. No specific version information is available in the advisory, so any installation that has not yet been updated to a release that patches the bug may be vulnerable.

Risk and Exploitability

The flaw can be exercised over the network by an adversary who can send crafted DNS responses to a dnsmasq server, so broadcast or unicast traffic can trigger the crash. The CVSS score is 7.5, EPSS < 1%, and the vulnerability is not listed in CISA’s KEV catalog, indicating a moderate severity but low exploitation probability. However, because a misbehaving DNS server can disrupt service for all clients, the potential impact remains significant, and the lack of a patch or mitigation increases the risk for exposed systems.

Generated by OpenCVE AI on May 13, 2026 at 02:23 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade dnsmasq to the latest stable release once a patch addressing the heap read overflow is published.
  • Configure network filtering or a DNS firewall to reject DNS responses that exceed the maximum allowed packet size or contain invalid record lengths.
  • Enable logging and monitoring of DNS traffic to detect anomalous responses that could indicate an exploitation attempt and apply appropriate incident response procedures.
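
The record-length check from the second recommended action, as an added example (not dnsmasq's code and not part of the advisory): it walks a DNS response and rejects any record whose RDATA runs past the packet, or whose embedded name runs past the record's own RDLENGTH, which is the condition the description attributes to extract_name(). The names skip_name, dns_response_lengths_ok and sample_ok are hypothetical, the sample packet is constructed, and only the question and answer sections and the NS, CNAME, PTR, A and AAAA types are checked.

```c
#include <stddef.h>
#include <stdint.h>

/* Skip one encoded DNS name at p without reading at or past `end`; NULL if it would cross `end`. */
static const uint8_t *skip_name(const uint8_t *p, const uint8_t *end)
{
    while (p < end) {
        uint8_t len = *p;
        if ((len & 0xC0) == 0xC0)                 /* compression pointer: 2 bytes, ends the name */
            return (end - p >= 2) ? p + 2 : NULL;
        if (len & 0xC0) return NULL;              /* reserved label types */
        p++;
        if (len == 0) return p;                   /* root label ends the name */
        if ((size_t)(end - p) < len) return NULL; /* label body would cross `end` */
        p += len;
    }
    return NULL;
}

/* Returns 1 if every question and answer record stays inside its own bounds, 0 otherwise. */
int dns_response_lengths_ok(const uint8_t *pkt, size_t len)
{
    if (len < 12) return 0;                       /* fixed DNS header is 12 bytes */
    const uint8_t *end = pkt + len, *p = pkt + 12;
    unsigned qd = (pkt[4] << 8) | pkt[5], an = (pkt[6] << 8) | pkt[7];

    while (qd--) {                                /* question: name + type + class */
        if (!(p = skip_name(p, end)) || end - p < 4) return 0;
        p += 4;
    }
    while (an--) {                                /* answer: name + 10 fixed bytes + rdata */
        if (!(p = skip_name(p, end)) || end - p < 10) return 0;
        unsigned type = (p[0] << 8) | p[1], rdlen = (p[8] << 8) | p[9];
        p += 10;
        if ((size_t)(end - p) < rdlen) return 0;  /* rdata runs past the packet */
        const uint8_t *rd_end = p + rdlen;
        /* NS(2), CNAME(5), PTR(12): rdata is one name, bounded by rd_end, not the packet end */
        if ((type == 2 || type == 5 || type == 12) && skip_name(p, rd_end) != rd_end) return 0;
        if (type == 1 && rdlen != 4) return 0;    /* A must be 4 bytes */
        if (type == 28 && rdlen != 16) return 0;  /* AAAA must be 16 bytes */
        p = rd_end;
    }
    return 1;
}

/* Constructed sample: question "x" A IN, one CNAME answer pointing at "y" (RDLENGTH 3). */
const uint8_t sample_ok[34] = {
    0x12,0x34,0x81,0x80, 0,1, 0,1, 0,0, 0,0,  1,'x',0, 0,1, 0,1,
    0xC0,0x0C, 0,5, 0,1, 0,0,0,60, 0,3, 1,'y',0 };
```

Setting the RDLENGTH byte of the sample (offset 30) to 2 leaves the CNAME target one byte longer than its record, and the check then returns 0 because the name walk is bounded by the record end rather than the packet end.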



Advisories
Source: Debian DSA
ID: DSA-6264-1
Title: dnsmasq security update
History

Wed, 13 May 2026 00:15:00 +0000

Type: References

Type: Metrics
Values Removed: threat_severity: None
Values Added: cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H'}; threat_severity: Important


Mon, 11 May 2026 20:45:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 19:30:00 +0000

Type Values Removed Values Added
References

Mon, 11 May 2026 19:00:00 +0000

Type: First Time appeared
Values Added: Dnsmasq; Dnsmasq dnsmasq

Type: Weaknesses
Values Added: CWE-125

Type: Vendors & Products
Values Added: Dnsmasq; Dnsmasq dnsmasq

Mon, 11 May 2026 18:45:00 +0000


Mon, 11 May 2026 17:30:00 +0000

Type Values Removed Values Added
Description A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.
Title CVE-2026-5172
References

MITRE

Status: PUBLISHED

Assigner: certcc

Published:

Updated: 2026-05-11T19:57:28.843Z

Reserved: 2026-03-30T15:54:52.205Z

Link: CVE-2026-5172

Vulnrichment

No data.

NVD

Status: Awaiting Analysis

Published: 2026-05-11T18:16:41.920

Modified: 2026-05-12T14:15:46.747

Link: CVE-2026-5172

Redhat

Severity: Important

Public Date: 2026-05-09T00:00:00Z

Links: CVE-2026-5172 - Bugzilla

OpenCVE Enrichment

Updated: 2026-05-13T02:30:16Z

Weaknesses