2458516 – (CVE-2026-4890) CVE-2026-4890 dnsmasq: NSEC bitmap parsing infinite loop

Bug 2458516 (CVE-2026-4890) - CVE-2026-4890 dnsmasq: NSEC bitmap parsing infinite loop

Summary: CVE-2026-4890 dnsmasq: NSEC bitmap parsing infinite loop

Keywords:
Status:	NEW
Alias:	CVE-2026-4890
Deadline:	2026-05-09
Product:	Security Response
Classification:	Other
Component:	vulnerability
Sub Component:
Version:	unspecified
Hardware:	All
OS:	Linux
Priority:	high
Severity:	high
Target Milestone:	---
Assignee:	Product Security DevOps Team
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2026-04-14 22:39 UTC by OSIDB Bzimport
Modified:	2026-05-12 17:02 UTC (History)
CC List:	3 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:
Embargoed:

Attachments	(Terms of Use)

Description OSIDB Bzimport 2026-04-14 22:39:35 UTC

NSEC/NSEC3 bitmap window iteration in dnssec.c advances by p[1] instead of p[1] + 2, missing the 2-byte window header. When bitmap_length=0, neither rdlen nor p change, creating an infinite loop. Two instances at dnssec.c:1290 and dnssec.c:1450. Reachable before RRSIG validation so no valid signatures are needed. One of the two sites was coincidentally fixed in 2.92. Fix: add +2 to both the pointer advance and rdlen decrement.

Note You need to log in before you can comment on or make changes to this bug.