Home

Description

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply such a DNS response may crash the dnsmasq process, resulting in denial of service.

PUBLISHED Reserved 2026-06-19 | Published 2026-06-22 | Updated 2026-06-22 | Assigner redhat




MEDIUM: 5.9CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

Heap-based Buffer Overflow

Product status

Default status
affected

Default status
unaffected

Default status
unaffected

Default status
affected

Default status
affected

Default status
affected

Timeline

2026-06-19:Reported to Red Hat.
2026-04-21:Made public.

Credits

Red Hat would like to thank Yiwei Hou (UC Berkeley) for reporting this issue.

References

access.redhat.com/security/cve/CVE-2026-12725 vdb-entry

bugzilla.redhat.com/show_bug.cgi?id=2490763 (RHBZ#2490763) issue-tracking

cve.org (CVE-2026-12725)

nvd.nist.gov (CVE-2026-12725)

Download JSON