Debian 11 dnsmasq Critical DoS Heap Overflow Vulnerability DLA-4625-1
debian lts
June 10, 2026
Several vulnerabilities have been discovered in dnsmasq, a caching DNS proxy and DHCP/TFTP server
Topics Covered
Summary
CVE-2026-2291
dnsmasqs extract_name() function can be abused to cause a heap buffer
overflow, allowing an attacker to inject false DNS cache entries,
which could result in DNS lookups to redirect to an
attacker-controlled IP address, or to cause a DoS.
CVE-2026-4890
A Denial of Service (DoS) vulnerability in the DNSSEC validation of
dnsmasq allows remote attackers to cause a denial of service via a
crafted DNS packet.
CVE-2026-4891
A heap-based out-of-bounds read vulnerability in the DNSSEC validation
of dnsmasq allows remote attackers to cause a denial of service via a
crafted DNS packet.
CVE-2026-4892
A heap-based out-of-bounds write vulnerability in the DHCPv6
implementation of dnsmasq allows local attackers to execute arbitrary
code with root privileges via a crafted DHCPv6 packet.
CVE-2026-4893
An information disclosure vulnerability in dnsmasq allows remote
attackers to bypass source checks via a crafted DNS packet with RFC
PREVIOUS
NEXT
Severity
critical
Lowest
Low
Medium
High
Critical
Package: dnsmasq
Version: 2.85-1+deb11u2
CVE ID: CVE-2026-2291 CVE-2026-4890 CVE-2026-4891 CVE-2026-4892
Topics Covered
Get the latest News and Insights
Get the latest Linux and open source security news straight to your inbox.
Powered By
Linux Security - Your source for Top Linux News, Advisories, HOWTOs and Feature Releases
QUICK LINKS
subscribe to newsletters!
Like staying secure? So do we.
Sign up for updates, tips, and alerts!