CVE-2026-1425

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2026-1425
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1425.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2026-1425
Downstream
Published
2026-01-26T08:16:00.490Z
Modified
2026-03-15T22:52:38.026891Z
Severity
  • 6.3 (Medium) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X CVSS Calculator
Summary
[none]
Details

A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function dnsdecoderrhead/dnsdecodeSVCBHTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The patch is identified as 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a patch is advised to resolve this issue.

References

Affected packages

Git / github.com/pymumu/smartdns

Affected ranges

Type
GIT
Repo
https://github.com/pymumu/smartdns
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
2d57c4b4e1add9b4537aeb403f794a084727e1c8

Affected versions

Other
Release18
Release20
Release21
Release22
Release23
Release24
Release25
Release26-Special
Release27
Release28
Release29
Release30
Release31
Release32
Release32-RC1
Release32-RC2
Release32-RC3
Release32-RC4
Release33
Release34
Release35
Release36
Release37
Release37-RC1
Release37-RC2
Release37-RC3
Release38
Release39
Release40
Release41
Release41-RC1
Release41-RC2
Release41-RC3
Release42
Release43
Release45
Release46
Release47
all-best-ip
Release36.*
Release36.1
Release37.*
Release37.1
Release37.2
Release38.*
Release38.1
Release46.*
Release46.1
Release47.*
Release47.1

Database specific

source 
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-1425.json"
vanir_signatures 
[
    {
        "id": "CVE-2026-1425-26677959",
        "digest": {
            "line_hashes": [
                "47936723472579650317540588921420773264",
                "297295444819886776360825326696600298970",
                "31837311719478478378871006974787145952",
                "14918559670342219424111814079108165961",
                "65893038981463212428264919369997831285",
                "3532271727601454759440135402921217734"
            ],
            "threshold": 0.9
        },
        "signature_type": "Line",
        "source": "https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "src/dns.c"
        }
    },
    {
        "id": "CVE-2026-1425-93acf2f1",
        "digest": {
            "function_hash": "189241239471486783380937913167718436350",
            "length": 599.0
        },
        "signature_type": "Function",
        "source": "https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "src/dns.c",
            "function": "_dns_decode_rr_head"
        }
    },
    {
        "id": "CVE-2026-1425-fd6ceecd",
        "digest": {
            "function_hash": "200354488342086936584005011630155940432",
            "length": 1497.0
        },
        "signature_type": "Function",
        "source": "https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8",
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "src/dns.c",
            "function": "_dns_decode_SVCB_HTTPS"
        }
    }
]