dnsmasq 2.92rel2 Heap OOB via extract_name() can cause Cache Poisoning: CVE-2026-2291 May 2026

dnsmasq 2.92rel2 Heap OOB via extract_name() can cause Cache Poisoning
CVE-2026-2291 Published on May 11, 2026

CVE-2026-2291
dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.

Vulnerability Analysis

CVE-2026-2291 can be exploited with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be low. considered to have a small impact on confidentiality and integrity and availability.

Attack Vector:

NETWORK

Attack Complexity:

LOW

Privileges Required:

NONE

User Interaction:

NONE

Scope:

UNCHANGED

Confidentiality Impact:

LOW

Integrity Impact:

LOW

Availability Impact:

LOW

Products Associated with CVE-2026-2291

Want to know whenever a new CVE is published for Canonical Ubuntu Linux? stack.watch will email you.

Affected Versions

dnsmasq 2.92rel2 Heap OOB via extract_name() can cause Cache PoisoningCVE-2026-2291 Published on May 11, 2026

Vulnerability Analysis

Products Associated with CVE-2026-2291

Affected Versions

dnsmasq 2.92rel2 Heap OOB via extract_name() can cause Cache Poisoning
CVE-2026-2291 Published on May 11, 2026