CVE-2026-12725 | A heap-based buffer overflow was found in dnsmasq. When DNSS… | CVSS 5.9 MEDIUM

Description

A heap-based buffer overflow was found in dnsmasq. When DNSSEC validation and query logging are both enabled, logging of DS or DNSKEY replies containing unsupported algorithm or digest types can cause dnsmasq to write past the end of an internal logging buffer. A remote attacker able to supply such a DNS response may crash the dnsmasq process, resulting in denial of service.

Metadata

CVE ID: CVE-2026-12725
State: PUBLISHED
Assigner: redhat
Reserved: 2026-06-19 14:44 UTC
Published: 2026-06-22 13:55 UTC
Last updated: 2026-06-22 18:20 UTC
Primary CWE: CWE-122
Heap-based Buffer Overflow
Vendor / Product: Red Hat / Red Hat Enterprise Linux 10
Sources: cve.org · NVD

Severity & Metrics

5.9 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

SSVC — CISA Coordinator

Exploitation: none
Automatable: no
Tech. Impact: partial

Affected products (6)

Vendor	Product	Platform	Versions
Red Hat	Red Hat Enterprise Linux 10	—	—
Red Hat	Red Hat Enterprise Linux 6	—	—
Red Hat	Red Hat Enterprise Linux 7	—	—
Red Hat	Red Hat Enterprise Linux 8	—	—
Red Hat	Red Hat Enterprise Linux 9	—	—
Red Hat	Red Hat OpenShift Container Platform 4	—	—

Weakness (CWE)

CWE	Source	Description
CWE-122	cna	Heap-based Buffer Overflow

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.9	MEDIUM	3.1	cna	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

References (2)