{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2291", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-10T15:41:17.169Z", "datePublished": "2026-05-11T16:47:01.981Z", "dateUpdated": "2026-05-13T12:45:01.944Z"}, "containers": {"cna": {"title": "CVE-2026-2291", "descriptions": [{"lang": "en", "value": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "dnsmasq", "product": "dnsmasq", "versions": [{"status": "affected", "version": "2.92rel2"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "references": [{"url": "https://www.suse.com/security/cve/CVE-2026-2291.html"}, {"url": "https://www.kb.cert.org/vuls/id/471747"}, {"url": "https://thekelleys.org.uk/dnsmasq/CVE/"}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519082"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519093"}, {"url": "https://github.com/pi-hole/FTL/releases/tag/v6.6.2"}], "x_generator": {"engine": "VINCE 3.0.39", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2291"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-05-11T19:59:05.194Z"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-05-13T12:38:54.623336Z", "id": "CVE-2026-2291", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T12:45:01.944Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.3, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "integrityImpact": "LOW", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2026-2291", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-05-13T12:38:54.623336Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-05-13T12:44:56.123Z"}}], "cna": {"title": "CVE-2026-2291", "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "dnsmasq", "product": "dnsmasq", "versions": [{"status": "affected", "version": "2.92rel2"}]}], "references": [{"url": "https://www.suse.com/security/cve/CVE-2026-2291.html"}, {"url": "https://www.kb.cert.org/vuls/id/471747"}, {"url": "https://thekelleys.org.uk/dnsmasq/CVE/"}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519082"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519093"}, {"url": "https://github.com/pi-hole/FTL/releases/tag/v6.6.2"}], "x_generator": {"env": "prod", "engine": "VINCE 3.0.39", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2291"}, "descriptions": [{"lang": "en", "value": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS."}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-05-11T19:59:05.194Z"}}}, "cveMetadata": {"cveId": "CVE-2026-2291", "state": "PUBLISHED", "dateUpdated": "2026-05-13T12:45:01.944Z", "dateReserved": "2026-02-10T15:41:17.169Z", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "datePublished": "2026-05-11T16:47:01.981Z", "assignerShortName": "certcc"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS."}], "id": "CVE-2026-2291", "lastModified": "2026-05-13T14:17:14.120", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 7.3, "baseSeverity": "HIGH", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-05-11T18:16:31.363", "references": [{"source": "cret@cert.org", "url": "https://github.com/NixOS/nixpkgs/pull/519082"}, {"source": "cret@cert.org", "url": "https://github.com/NixOS/nixpkgs/pull/519093"}, {"source": "cret@cert.org", "url": "https://github.com/pi-hole/FTL/releases/tag/v6.6.2"}, {"source": "cret@cert.org", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"}, {"source": "cret@cert.org", "url": "https://thekelleys.org.uk/dnsmasq/CVE/"}, {"source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/471747"}, {"source": "cret@cert.org", "url": "https://www.suse.com/security/cve/CVE-2026-2291.html"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Awaiting Analysis"}

{"acknowledgement": "Red Hat would like to thank Andrew Fasano (NIST) for reporting this issue.", "bugzilla": {"description": "dnsmasq: dnsmasq: heap buffer overflow in cache via NAME_ESCAPE expansion", "id": "2439088", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2439088"}, "csaw": false, "cvss3": {"cvss3_base_score": "6.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:H", "status": "draft"}, "cwe": "CWE-131", "details": ["A heap buffer overflow was discovered in dnsmasq's DNS cache. When processing DNS responses, dnsmasq expands certain characters into longer escape sequences, but the cache buffer is not sized to hold the expanded result. A specially crafted DNS response can overflow this buffer, potentially crashing the dnsmasq process or poisoning DNS cache records."], "name": "CVE-2026-2291", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Affected", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Affected", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2026-05-09T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2026-2291\nhttps://nvd.nist.gov/vuln/detail/CVE-2026-2291"], "statement": "Red Hat rates this issue as Moderate rather than Important. While DNS cache poisoning is possible, a process crash is the most likely outcome of a successful exploit. Also, standard upstream DNS resolvers reject the malformed responses before they reach dnsmasq, limiting exploitation to uncommon configurations where dnsmasq forwards directly to an attacker-controlled server.", "threat_severity": "Moderate"}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.93"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "dnsmasq", "source": "cna", "vendor": "dnsmasq"}, "product": "dnsmasq", "vendor": "dnsmasq"}], "created": "2026-05-11T18:30:05.202497+00:00", "title": "Dnsmasq Heap Buffer Overflow Enabling DNS Cache Poisoning", "updated": "2026-05-13T16:00:17.876360+00:00", "vendors": ["dnsmasq", "dnsmasq$PRODUCT$dnsmasq"]}