{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2291", "assignerOrgId": "37e5125f-f79b-445b-8fad-9564f167944b", "state": "PUBLISHED", "assignerShortName": "certcc", "dateReserved": "2026-02-10T15:41:17.169Z", "datePublished": "2026-05-11T16:47:01.981Z", "dateUpdated": "2026-05-11T19:59:05.194Z"}, "containers": {"cna": {"title": "CVE-2026-2291", "descriptions": [{"lang": "en", "value": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS."}], "source": {"discovery": "UNKNOWN"}, "affected": [{"vendor": "dnsmasq", "product": "dnsmasq", "versions": [{"status": "affected", "version": "2.92rel2"}]}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-190: Integer Overflow or Wraparound"}]}], "references": [{"url": "https://www.suse.com/security/cve/CVE-2026-2291.html"}, {"url": "https://www.kb.cert.org/vuls/id/471747"}, {"url": "https://thekelleys.org.uk/dnsmasq/CVE/"}, {"url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519082"}, {"url": "https://github.com/NixOS/nixpkgs/pull/519093"}, {"url": "https://github.com/pi-hole/FTL/releases/tag/v6.6.2"}], "x_generator": {"engine": "VINCE 3.0.39", "env": "prod", "origin": "https://cveawg.mitre.org/api/cve/CVE-2026-2291"}, "providerMetadata": {"orgId": "37e5125f-f79b-445b-8fad-9564f167944b", "shortName": "certcc", "dateUpdated": "2026-05-11T19:59:05.194Z"}}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS."}], "id": "CVE-2026-2291", "lastModified": "2026-05-11T21:18:59.623", "metrics": {}, "published": "2026-05-11T18:16:31.363", "references": [{"source": "cret@cert.org", "url": "https://github.com/NixOS/nixpkgs/pull/519082"}, {"source": "cret@cert.org", "url": "https://github.com/NixOS/nixpkgs/pull/519093"}, {"source": "cret@cert.org", "url": "https://github.com/pi-hole/FTL/releases/tag/v6.6.2"}, {"source": "cret@cert.org", "url": "https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2026q2/018471.html"}, {"source": "cret@cert.org", "url": "https://thekelleys.org.uk/dnsmasq/CVE/"}, {"source": "cret@cert.org", "url": "https://www.kb.cert.org/vuls/id/471747"}, {"source": "cret@cert.org", "url": "https://www.suse.com/security/cve/CVE-2026-2291.html"}], "sourceIdentifier": "cret@cert.org", "vulnStatus": "Received"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "2.93"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "dnsmasq", "source": "cna", "vendor": "dnsmasq"}, "product": "dnsmasq", "vendor": "dnsmasq"}], "created": "2026-05-11T18:30:05.202497+00:00", "title": "Dnsmasq Heap Buffer Overflow Enabling DNS Cache Poisoning", "updated": "2026-05-11T19:00:13.693673+00:00", "vendors": ["dnsmasq", "dnsmasq$PRODUCT$dnsmasq"], "weaknesses": ["CWE-122", "CWE-20"]}