Heap-Based Buffer Overflow Vulnerability in dnsmasq Affects Red Hat
CVE-2026-12725

5.9MEDIUM

Key Information:

Vendor: Red Hat
Status: Red Hat Enterprise Linux 10; Red Hat Enterprise Linux 6; Red Hat Enterprise Linux 7; Red Hat Enterprise Linux 8
Vendor: CVE Published:; 22 June 2026

What is CVE-2026-12725?

A serious vulnerability exists in dnsmasq that can lead to a heap-based buffer overflow under specific conditions. When both DNSSEC validation and query logging are enabled, logging certain types of DNS responses—specifically those containing unsupported algorithm or digest types—can cause dnsmasq to write beyond the allocated bounds of the internal logging buffer. If an attacker can send this type of DNS response, the dnsmasq service may be forced to crash, resulting in a denial of service, impacting network operations.

References

https://access.redhat.com/security/cve/CVE-2026-12725

vdb-entryx_refsource_REDHAT

https://bugzilla.redhat.com/show_bug.cgi?id=2490763

issue-trackingx_refsource_REDHAT

CVSS V3.1

Score:

5.9

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jun 22, 2026
Vulnerability Reserved
Jun 19, 2026

Credit

Red Hat would like to thank Yiwei Hou (UC Berkeley) for reporting this issue.

CVE-2026-12725 Data

JSON