CVE-2026-12725
CVE-2026-12725CVE-2026-12725
redhat / openshift_container_platform
Description
A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and
query logging are both enabled, logging of DS or DNSKEY replies containing
unsupported algorithm or digest types can cause dnsmasq to write past the end
of an internal logging buffer. A remote attacker able to supply such a DNS
response may crash the dnsmasq process, resulting in denial of service.
Scoring
| CVSS | 5.9 () |
| Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H |
| Last modified | 2026-07-08 |