Bug 2406466 (CVE-2025-12198)
| Summary: | CVE-2025-12198 dnsmasq: dnsmasq Config File util.c parse_hex heap-based overflow | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | OSIDB Bzimport <bzimport> |
| Component: | vulnerability | Assignee: | Product Security DevOps Team <prodsec-dev> |
| Status: | CLOSED NOTABUG | QA Contact: | |
| Severity: | unspecified | Docs Contact: | |
| Priority: | unspecified | ||
| Version: | unspecified | CC: | pemensik |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | --- | |
| Doc Text: |
A heap-based buffer overflow vulnerability in dnsmasq within the parse_hex() function of src/util.c. When parsing malformed DHCP option values in configuration files, dnsmasq miscalculates the output length and writes beyond the allocated heap buffer. This can cause a crash (Denial of Service) and, in some cases, memory corruption that may enable arbitrary code execution. The flaw is triggered during configuration parsing, so an attacker who can supply or modify the dnsmasq configuration file could exploit it.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2025-11-09 11:12:23 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 2406485, 2406486 | ||
| Bug Blocks: | |||
|
Description
OSIDB Bzimport
2025-10-27 02:01:46 UTC
This was marked as rejected: https://www.cve.org/CVERecord?id=CVE-2025-12198 Please mark it so in all remaining products. There is nothing to fix in dnsmasq. The needinfo request[s] on this closed bug have been removed as they have been unresolved for 120 days or the product is inactive and locked |