CVE Vulnerabilities

CVE-2026-2291

Published: May 11, 2026 | Modified: Jun 17, 2026
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
RedHat/V2
RedHat/V3
6.5 MODERATE
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H
Ubuntu
MEDIUM
root.io logo minimus.io logo echo.ai logo

dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.

Affected Software

NameVendorStart VersionEnd Version
Red Hat Enterprise Linux 10RedHatdnsmasq-0:2.90-7.el10_2*
Red Hat Enterprise Linux 8RedHatdnsmasq-0:2.79-36.el8_10*
Red Hat Enterprise Linux 9RedHatdnsmasq-0:2.85-18.el9_8.1*
Red Hat Enterprise Linux 9.6 Extended Update SupportRedHatdnsmasq-0:2.85-17.el9_6.1*
DnsmasqUbuntudevel*
DnsmasqUbuntuesm-infra-legacy/trusty*
DnsmasqUbuntuesm-infra-legacy/xenial*
DnsmasqUbuntuesm-infra/bionic*
DnsmasqUbuntuesm-infra/focal*
DnsmasqUbuntuesm-infra/xenial*
DnsmasqUbuntujammy*
DnsmasqUbuntunoble*
DnsmasqUbuntuquesting*
DnsmasqUbunturesolute*

References