CVE-2026-2291

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 11, 2026

Vendor unknown

Description

dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.

References

https://thekelleys.org.uk/dnsmasq/doc.html
https://www.kb.cert.org/vuls/id/471747
https://www.suse.com/security/cve/CVE-2026-2291.html