Nixpkgs security tracker

Login with GitHub

Suggestions search

Published
Filter by:
With package: dnsmasq

Found 7 matching suggestions

View:
Compact
Detailed
Permalink CVE-2026-4893
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse ignored
    2 references
    1 month, 2 weeks ago
  • @LeSuisse ignored package prometheus-dnsmasq-exporter 1 month, 2 weeks ago
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse ignored maintainer @fpletz 1 month, 2 weeks ago maintainer.ignore
  • @LeSuisse published on GitHub 1 month, 2 weeks ago
CVE-2026-4893

An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.

Affected products

dnsmasq
  • ==2.92rel2

Matching in nixpkgs

pkgs.dnsmasq

Integrated DNS, DHCP and TFTP server for small networks

  • nixos-unstable 2.92
    • nixpkgs-unstable 2.92
    • nixos-unstable-small 2.92
Ignored packages (1)

Package maintainers

Ignored maintainers (1)
Permalink CVE-2026-5172
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse ignored
    2 references
    1 month, 2 weeks ago
  • @LeSuisse ignored package prometheus-dnsmasq-exporter 1 month, 2 weeks ago
  • @LeSuisse ignored maintainer @fpletz 1 month, 2 weeks ago maintainer.ignore
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse published on GitHub 1 month, 2 weeks ago
CVE-2026-5172

A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.

Affected products

dnsmasq
  • ==2.92rel2

Matching in nixpkgs

pkgs.dnsmasq

Integrated DNS, DHCP and TFTP server for small networks

  • nixos-unstable 2.92
    • nixpkgs-unstable 2.92
    • nixos-unstable-small 2.92
Ignored packages (1)

Package maintainers

Ignored maintainers (1)
Permalink CVE-2026-2291
updated 1 month, 2 weeks ago by @LeSuisse Activity log
CVE-2026-2291

dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.

Affected products

dnsmasq
  • ==2.92rel2

Matching in nixpkgs

pkgs.dnsmasq

Integrated DNS, DHCP and TFTP server for small networks

  • nixos-unstable 2.92
    • nixpkgs-unstable 2.92
    • nixos-unstable-small 2.92
Ignored packages (1)

Package maintainers

Ignored maintainers (1)
Permalink CVE-2026-4892
8.4 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Local (L)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): High (H)
  • Integrity (I): High (H)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Local (L)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): High (H)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): High (H)
  • Modified Availability (MA): High (H)
updated 1 month, 2 weeks ago by @LeSuisse Activity log
CVE-2026-4892

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.

Affected products

dnsmasq
  • ==2.92rel2

Matching in nixpkgs

pkgs.dnsmasq

Integrated DNS, DHCP and TFTP server for small networks

  • nixos-unstable 2.92
    • nixpkgs-unstable 2.92
    • nixos-unstable-small 2.92
Ignored packages (1)

Package maintainers

Ignored maintainers (1)
Permalink CVE-2026-4891
5.3 MEDIUM
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): Low (L)
  • Integrity (I): None (N)
  • Availability (A): None (N)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): Low (L)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): None (N)
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse ignored package prometheus-dnsmasq-exporter 1 month, 2 weeks ago
  • @LeSuisse ignored maintainer @fpletz 1 month, 2 weeks ago maintainer.ignore
  • @LeSuisse ignored
    2 references
    1 month, 2 weeks ago
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse published on GitHub 1 month, 2 weeks ago
CVE-2026-4891

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

Affected products

dnsmasq
  • ==2.92rel2

Matching in nixpkgs

pkgs.dnsmasq

Integrated DNS, DHCP and TFTP server for small networks

  • nixos-unstable 2.92
    • nixpkgs-unstable 2.92
    • nixos-unstable-small 2.92
Ignored packages (1)

Package maintainers

Ignored maintainers (1)
Permalink CVE-2026-4890
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 1 month, 2 weeks ago by @LeSuisse Activity log
  • Created suggestion 1 month, 2 weeks ago
  • @LeSuisse ignored
    2 references
    1 month, 2 weeks ago
  • @LeSuisse ignored package prometheus-dnsmasq-exporter 1 month, 2 weeks ago
  • @LeSuisse ignored maintainer @fpletz 1 month, 2 weeks ago maintainer.ignore
  • @LeSuisse accepted 1 month, 2 weeks ago
  • @LeSuisse published on GitHub 1 month, 2 weeks ago
CVE-2026-4890

A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.

Affected products

dnsmasq
  • ==2.92rel2

Matching in nixpkgs

pkgs.dnsmasq

Integrated DNS, DHCP and TFTP server for small networks

  • nixos-unstable 2.92
    • nixpkgs-unstable 2.92
    • nixos-unstable-small 2.92
Ignored packages (1)

Package maintainers

Ignored maintainers (1)
Permalink CVE-2026-6507
7.5 HIGH
  • CVSS version (CVSS): 3.1
  • Attack Vector (AV): Network (N)
  • Attack Complexity (AC): Low (L)
  • Privileges Required (PR): None (N)
  • User Interaction (UI): None (N)
  • Scope (S): Unchanged (U)
  • Confidentiality (C): None (N)
  • Integrity (I): None (N)
  • Availability (A): High (H)
  • Modified Attack Vector (MAV): Network (N)
  • Modified Attack Complexity (MAC): Low (L)
  • Modified Privileges Required (MPR): None (N)
  • Modified User Interaction (MUI): None (N)
  • Modified Confidentiality (MC): None (N)
  • Modified Scope (MS): Unchanged (U)
  • Modified Integrity (MI): None (N)
  • Modified Availability (MA): High (H)
updated 2 months, 1 week ago by @LeSuisse Activity log
  • Created suggestion 2 months, 1 week ago
  • @LeSuisse ignored package prometheus-dnsmasq-exporter 2 months, 1 week ago
  • @LeSuisse accepted 2 months, 1 week ago
  • @LeSuisse published on GitHub 2 months, 1 week ago
Dnsmasq: dnsmasq: denial of service due to out-of-bounds write in dhcp bootreply processing

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).

References

Affected products

rhcos
dnsmasq

Matching in nixpkgs

pkgs.dnsmasq

Integrated DNS, DHCP and TFTP server for small networks

  • nixos-unstable 2.92
    • nixpkgs-unstable 2.92
    • nixos-unstable-small 2.92
Ignored packages (1)

Package maintainers