Copyright © 2012 Red Hat, Inc. All rights reserved. Moderate 2026-05-09T00:00:00 dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H CWE-131

dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.

A heap buffer overflow was discovered in dnsmasq's DNS cache. When processing DNS responses, dnsmasq expands certain characters into longer escape sequences, but the cache buffer is not sized to hold the expanded result. A specially crafted DNS response can overflow this buffer, potentially crashing the dnsmasq process or poisoning DNS cache records.

Red Hat rates this issue as Moderate rather than Important. While DNS cache poisoning is possible, a process crash is the most likely outcome of a successful exploit. Also, standard upstream DNS resolvers reject the malformed responses before they reach dnsmasq, limiting exploitation to uncommon configurations where dnsmasq forwards directly to an attacker-controlled server. Red Hat would like to thank Andrew Fasano (NIST) for reporting this issue. Red Hat Enterprise Linux 10 2026-05-19T00:00:00Z RHSA-2026:19158 dnsmasq-0:2.90-7.el10_2 Red Hat Enterprise Linux 8 2026-05-26T00:00:00Z RHSA-2026:20589 dnsmasq-0:2.79-36.el8_10 Red Hat Enterprise Linux 9 2026-05-19T00:00:00Z RHSA-2026:19373 dnsmasq-0:2.85-18.el9_8.1 Red Hat Enterprise Linux 6 Out of support scope dnsmasq Red Hat Enterprise Linux 7 Affected dnsmasq Red Hat OpenShift Container Platform 4 Affected rhcos https://www.cve.org/CVERecord?id=CVE-2026-2291 https://nvd.nist.gov/vuln/detail/CVE-2026-2291