Security news and blog posts

The popular Dnsmasq has several vulnerabilities. Ubuntu, Pi-Hole, routers, etc.

Debian has already released updates for the Bookworm and Trixie distributions. Pi-Hole: Release Pi-hole FTL v6.6.2 · pi-hole/FTL

dnsmasq contains several vulnerabilities, including attacker DNS redirect,
privilege escalation, and heap manipulation
URL: CERT/CC Vulnerability Note VU#471747
Classification: Severe, Solution: Official Fix, Exploit Maturity: Not Defined, CVSSv3.1: 8.4
CVEs: CVE-2026-2291, CVE-2026-4890, CVE-2026-4891, CVE-2026-4892, CVE-2026-4893, CVE-2026-5172

dnsmasq is affected by multiple memory safety and input validation
vulnerabilities, including heap buffer overflows, heap corruption, and code
execution flaws. Collectively, these vulnerabilities enable attackers to
poison cached DNS records, bypass security controls, crash the dnsmasq
process, or under certain conditions, achieve local privilege escalation.

DoS (CVE-2026-2291, CVE-2026-4890, CVE-2026-5172) — dnsmasq may crash or
become unresponsive, terminating DNS resolution and affecting dependent
services.

Cache Poisoning / Redirection (CVE-2026-2291, CVE-2026-4893) — Attackers may
overwrite cache entries or manipulate response routing, enabling the silent
redirection of users to malicious domains.

Information Disclosure (CVE-2026-4891, CVE-2026-4893) — Internal memory and
network information may be inadvertently exposed.

Local Privilege Escalation (CVE-2026-4892) — A local attacker may execute
arbitrary code as root via DHCPv6 manipulation.
I'm not holding my breath while waiting for updates for some routers (Ubiquiti), but as I see it you could mitigate with a few moves: cache to zero, external DNS servers directly as the clients' DNS (for devices that don't need internal resolution), IPv6 off...
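
An added example, not part of the original post and not dnsmasq or vendor code: a small audit that reads a dnsmasq configuration and reports the settings the post proposes changing (cache size, DHCPv6 ranges and router advertisements, DNS servers handed to clients). The sample configuration and its addresses are constructed; `conf-dir` includes and tag-qualified `dhcp-option` lines are not followed.

```python
import ipaddress
import re

# Constructed sample config for illustration; not from the post or a real device.
SAMPLE_CONF = """\
cache-size=1000
server=192.0.2.53#5353   # upstream resolver on a non-default port
dhcp-range=192.168.1.50,192.168.1.150,12h
dhcp-range=::100,::1ff,constructor:eth0,64,12h
dhcp-option=option:dns-server,192.168.1.1
enable-ra
"""

def parse_options(text):
    """Return (key, value) pairs; value is '' for flag options like enable-ra."""
    pairs = []
    for raw in text.splitlines():
        # '#' is treated as a comment only at line start or after whitespace,
        # so the port in server=192.0.2.53#5353 is kept.
        line = re.sub(r"(^|\s)#.*$", "", raw).strip()
        if line:
            key, _, value = line.partition("=")
            pairs.append((key.strip(), value.strip()))
    return pairs

def is_ipv6(field):
    try:
        return ipaddress.ip_address(field.strip()).version == 6
    except ValueError:
        return False

def audit(text):
    """Report cache, DHCPv6/RA and client-DNS settings found in the config."""
    opts = parse_options(text)
    cache = [v for k, v in opts if k == "cache-size"]
    return {
        # Caching counts as off only if cache-size is present and always 0.
        "cache_disabled": bool(cache) and all(v == "0" for v in cache),
        "dhcpv6_ranges": [v for k, v in opts if k == "dhcp-range"
                          and any(is_ipv6(f) for f in v.split(","))],
        "router_advertisements": any(k == "enable-ra" for k, _ in opts),
        # DNS servers handed to DHCP clients (option 6 / option:dns-server).
        "client_dns": [v.split(",", 1)[1] for k, v in opts
                       if k == "dhcp-option" and "," in v
                       and v.split(",")[0].strip() in ("6", "option:dns-server")],
    }

if __name__ == "__main__":
    print(audit(SAMPLE_CONF))
```

A `client_dns` entry that points back at the dnsmasq host means clients still resolve through it, whatever the cache setting.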
 
