OESA-2026-2436

Source
https://www.openeuler.org/en/security/security-bulletins/detail/?id=openEuler-SA-2026-2436
Import Source
https://repo.openeuler.org/security/data/osv/OESA-2026-2436.json
JSON Data
https://api.osv.dev/v1/vulns/OESA-2026-2436
Upstream
Published
2026-05-22T13:22:06Z
Modified
2026-05-22T13:30:22.445861584Z
Summary
dnsmasq security update
Details

Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.

Security Fix(es):

dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.(CVE-2026-2291)

A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.(CVE-2026-4890)

A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.(CVE-2026-4891)

A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.(CVE-2026-4892)

An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.(CVE-2026-4893)

A buffer overflow in dnsmasq’s extractaddresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extractname() to advance the pointer past the record’s end.(CVE-2026-5172)

Database specific
{
    "severity": "Critical"
}
References

Affected packages

openEuler:24.03-LTS-SP3 / dnsmasq

Package

Name
dnsmasq
Purl
pkg:rpm/openEuler/dnsmasq&distro=openEuler-24.03-LTS-SP3

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
2.90-9.oe2403sp3

Ecosystem specific

{
    "aarch64": [
        "dnsmasq-2.90-9.oe2403sp3.aarch64.rpm",
        "dnsmasq-debuginfo-2.90-9.oe2403sp3.aarch64.rpm",
        "dnsmasq-debugsource-2.90-9.oe2403sp3.aarch64.rpm",
        "dnsmasq-help-2.90-9.oe2403sp3.aarch64.rpm"
    ],
    "src": [
        "dnsmasq-2.90-9.oe2403sp3.src.rpm"
    ],
    "x86_64": [
        "dnsmasq-2.90-9.oe2403sp3.x86_64.rpm",
        "dnsmasq-debuginfo-2.90-9.oe2403sp3.x86_64.rpm",
        "dnsmasq-debugsource-2.90-9.oe2403sp3.x86_64.rpm",
        "dnsmasq-help-2.90-9.oe2403sp3.x86_64.rpm"
    ]
}

Database specific

source
"https://repo.openeuler.org/security/data/osv/OESA-2026-2436.json"