CVE-2026-30872
- Source
- https://cve.org/CVERecord?id=CVE-2026-30872
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2026-30872.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2026-30872
- Aliases
-
- GHSA-mpgh-v658-jqv5
- Published
- 2026-03-19T21:56:23.472Z
- Modified
- 2026-04-10T05:41:57.471872Z
- Severity
-
- 9.5 (Critical) CVSS_V4 - CVSS:4.0/AV:N/AC:H/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H CVSS Calculator
- Summary
- OpenWrt Project has a Stack-based Buffer Overflow vulnerability via IPv6 reverse DNS lookup
- Details
-
OpenWrt Project is a Linux operating system targeting embedded devices. In versions prior to 24.10.6 and 25.12.1, the mdns daemon has a Stack-based Buffer Overflow vulnerability in the matchipv6addresses function, triggered when processing PTR queries for IPv6 reverse DNS domains (.ip6.arpa) received via multicast DNS on UDP port 5353. During processing, the domain name from namebuffer is copied via strcpy into a fixed 256-byte stack buffer, and then the reverse IPv6 request is extracted into a buffer of only 46 bytes (INET6ADDRSTRLEN). Because the length of the data is never validated before this extraction, an attacker can supply input larger than 46 bytes, causing an out-of-bounds write. This allows a specially crafted DNS query to overflow the stack buffer in matchipv6addresses, potentially enabling remote code execution. This issue has been fixed in versions 24.10.6 and 25.12.1.
- Database specific
{ "cwe_ids": [ "CWE-121" ], "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30872.json", "cna_assigner": "GitHub_M" }- References
-
- https://github.com/openwrt/openwrt/releases/tag/v24.10.6
- https://github.com/openwrt/openwrt/releases/tag/v25.12.1
- https://github.com/CVEProject/cvelistV5/tree/main/cves/2026/30xxx/CVE-2026-30872.json
- https://github.com/openwrt/openwrt/security/advisories/GHSA-mpgh-v658-jqv5
- https://nvd.nist.gov/vuln/detail/CVE-2026-30872