CVE-2026-5172

UNKNOWN NVD

CVSS Score 0

Severity UNKNOWN

Published May 11, 2026

Vendor unknown

Description

A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.

References

https://thekelleys.org.uk/dnsmasq/
https://www.kb.cert.org/vuls/id/471747