CVE-2026-12969
MediumCVSS 5.3Summary
A read out-of-bounds vulnerability exists in dnsmasq's find_soa() function. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields.
Risk Assessment
A remote attacker controlling a DNS zone can exploit this via a crafted NXDOMAIN response to cause a 10-byte heap out-of-bounds read, potentially accessing stale data from prior transactions.
Recommendation
It is recommended to update dnsmasq to the latest version to mitigate this vulnerability and to monitor DNS logs for potential attack attempts.
Original NVD description (English source)
An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can exploit this via a crafted NXDOMAIN response to cause a 10-byte heap out-of-bounds read, potentially accessing stale data from prior transactions.

