Alerts This Week
Warning Icon 1 1,149
Alerts This Week
Warning Icon 1 1,149

SUSE dnsmasq Important DoS Buffer Overflow Vuln 2026-21677-1

suse
Calendar Grey May 19, 2026
Dist Suse Esm H88
Critical update for SUSE addressing important issues in dnsmasq including DoS and buffer overflow vulnerabilities.
An update that solves seven vulnerabilities, contains one feature and has two fixes can now be installed.

Summary

## This update for dnsmasq fixes the following issues Security issues: * CVE-2026-2291: dnsmasq can be abused to record false cached data enabling DoS or attacker redirect (bsc#1258251). * CVE-2026-4890: DoS vulnerability in the DNSSEC validation (bsc#1265001). * CVE-2026-4891: heap-based out-of-bounds read vulnerability in the DNSSEC validation (bsc#1265002). * CVE-2026-4892: heap-based out-of-bounds write vulnerability in the DHCPv6 implementation (bsc#1265003). * CVE-2026-4893: information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks (bsc#1265004). * CVE-2026-5172: buffer overflow in dnsmasq's extract_addresses() function (bsc#1265006). * CVE-2026-6507: out-of-bounds write in DHCP BOOTREPLY processing can lead to denial of service (bsc#1262487).

References

* bsc#1247812

* bsc#1257934

* bsc#1258251

* bsc#1262487

* bsc#1265001

* bsc#1265002

* bsc#1265003

* bsc#1265004

* bsc#1265006

* jsc#PED-266

Cross-

* CVE-2026-2291

* CVE-2026-4890

* CVE-2026-4891

* CVE-2026-4892

* CVE-2026-4893

* CVE-2026-5172

* CVE-2026-6507

CVSS scores:

* CVE-2026-2291 ( SUSE ): 9.2

CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

* CVE-2026-2291 ( SUSE ): 8.1 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

* CVE-2026-2291 ( NVD ): 7.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

* CVE-2026-4890 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-4890 ( NVD ): 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

* CVE-2026-4891 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2026:21677-1
Release Date: 2026-05-15T10:43:49Z
Rating: important

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here