{ "document":{ "aggregate_severity":{ "namespace":"https://nvd.nist.gov/vuln-metrics/cvss", "text":"Critical" }, "category":"csaf_vex", "csaf_version":"2.0", "distribution":{ "tlp":{ "label":"WHITE", "url":"https:/www.first.org/tlp/" } }, "lang":"en", "notes":[ { "text":"dnsmasq security update", "category":"general", "title":"Synopsis" }, { "text":"An update for dnsmasq is now available for openEuler-20.03-LTS-SP4", "category":"general", "title":"Summary" }, { "text":"Dnsmasq provides network infrastructure for small networks: DNS, DHCP, router advertisement and network boot. It is designed to be lightweight and have a small footprint, suitable for resource constrained routers and firewalls. It has also been widely used for tethering on smartphones and portable hotspots, and to support virtual networking in virtualisation frameworks.\n\nSecurity Fix(es):\n\ndnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.(CVE-2026-2291)\n\nA Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.(CVE-2026-4890)\n\nA heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.(CVE-2026-4891)\n\nA heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.(CVE-2026-4892)\n\nAn information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.(CVE-2026-4893)", "category":"general", "title":"Description" }, { "text":"An update for dnsmasq is now available for openEuler-20.03-LTS-SP4.\n\nopenEuler Security has rated this update as having a security impact of critical. A Common Vunlnerability Scoring System(CVSS)base score,which gives a detailed severity rating, is available for each vulnerability from the CVElink(s) in the References section.", "category":"general", "title":"Topic" }, { "text":"Critical", "category":"general", "title":"Severity" }, { "text":"dnsmasq", "category":"general", "title":"Affected Component" } ], "publisher":{ "issuing_authority":"openEuler security committee", "name":"openEuler", "namespace":"https://www.openeuler.org", "contact_details":"openeuler-security@openeuler.org", "category":"vendor" }, "references":[ { "summary":"openEuler-SA-2026-2437", "category":"self", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2437" }, { "summary":"CVE-2026-2291", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-2291&packageName=dnsmasq" }, { "summary":"CVE-2026-4890", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4890&packageName=dnsmasq" }, { "summary":"CVE-2026-4891", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4891&packageName=dnsmasq" }, { "summary":"CVE-2026-4892", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4892&packageName=dnsmasq" }, { "summary":"CVE-2026-4893", "category":"self", "url":"https://www.openeuler.org/en/security/cve/detail/?cveId=CVE-2026-4893&packageName=dnsmasq" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-2291" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4890" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4891" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4892" }, { "summary":"nvd cve", "category":"external", "url":"https://nvd.nist.gov/vuln/detail/CVE-2026-4893" }, { "summary":"openEuler-SA-2026-2437 vex file", "category":"self", "url":"https://repo.openeuler.org/security/data/csaf/advisories/2026/csaf-openeuler-sa-2026-2437.json" } ], "title":"An update for dnsmasq is now available for openEuler-20.03-LTS-SP4", "tracking":{ "initial_release_date":"2026-05-22T21:22:10+08:00", "revision_history":[ { "date":"2026-05-22T21:22:10+08:00", "summary":"Initial", "number":"1.0.0" } ], "generator":{ "date":"2026-05-22T21:22:10+08:00", "engine":{ "name":"openEuler CSAF Tool V1.0" } }, "current_release_date":"2026-05-22T21:22:10+08:00", "id":"openEuler-SA-2026-2437", "version":"1.0.0", "status":"final" } }, "product_tree":{ "branches":[ { "name":"openEuler", "category":"vendor", "branches":[ { "name":"openEuler", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"openEuler-20.03-LTS-SP4", "name":"openEuler-20.03-LTS-SP4" }, "name":"openEuler-20.03-LTS-SP4", "category":"product_version" } ], "category":"product_name" }, { "name":"aarch64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"dnsmasq-2.82-21.oe2003sp4.aarch64.rpm", "name":"dnsmasq-2.82-21.oe2003sp4.aarch64.rpm" }, "name":"dnsmasq-2.82-21.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"dnsmasq-debuginfo-2.82-21.oe2003sp4.aarch64.rpm", "name":"dnsmasq-debuginfo-2.82-21.oe2003sp4.aarch64.rpm" }, "name":"dnsmasq-debuginfo-2.82-21.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"dnsmasq-debugsource-2.82-21.oe2003sp4.aarch64.rpm", "name":"dnsmasq-debugsource-2.82-21.oe2003sp4.aarch64.rpm" }, "name":"dnsmasq-debugsource-2.82-21.oe2003sp4.aarch64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"dnsmasq-help-2.82-21.oe2003sp4.aarch64.rpm", "name":"dnsmasq-help-2.82-21.oe2003sp4.aarch64.rpm" }, "name":"dnsmasq-help-2.82-21.oe2003sp4.aarch64.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"src", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"dnsmasq-2.82-21.oe2003sp4.src.rpm", "name":"dnsmasq-2.82-21.oe2003sp4.src.rpm" }, "name":"dnsmasq-2.82-21.oe2003sp4.src.rpm", "category":"product_version" } ], "category":"architecture" }, { "name":"x86_64", "branches":[ { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"dnsmasq-2.82-21.oe2003sp4.x86_64.rpm", "name":"dnsmasq-2.82-21.oe2003sp4.x86_64.rpm" }, "name":"dnsmasq-2.82-21.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"dnsmasq-debuginfo-2.82-21.oe2003sp4.x86_64.rpm", "name":"dnsmasq-debuginfo-2.82-21.oe2003sp4.x86_64.rpm" }, "name":"dnsmasq-debuginfo-2.82-21.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"dnsmasq-debugsource-2.82-21.oe2003sp4.x86_64.rpm", "name":"dnsmasq-debugsource-2.82-21.oe2003sp4.x86_64.rpm" }, "name":"dnsmasq-debugsource-2.82-21.oe2003sp4.x86_64.rpm", "category":"product_version" }, { "product":{ "product_identification_helper":{ "cpe":"cpe:/a:openEuler:openEuler:20.03-LTS-SP4" }, "product_id":"dnsmasq-help-2.82-21.oe2003sp4.x86_64.rpm", "name":"dnsmasq-help-2.82-21.oe2003sp4.x86_64.rpm" }, "name":"dnsmasq-help-2.82-21.oe2003sp4.x86_64.rpm", "category":"product_version" } ], "category":"architecture" } ] } ], "relationships":[ { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"dnsmasq-2.82-21.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-2.82-21.oe2003sp4.aarch64", "name":"dnsmasq-2.82-21.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"dnsmasq-debuginfo-2.82-21.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-21.oe2003sp4.aarch64", "name":"dnsmasq-debuginfo-2.82-21.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"dnsmasq-debugsource-2.82-21.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-21.oe2003sp4.aarch64", "name":"dnsmasq-debugsource-2.82-21.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"dnsmasq-help-2.82-21.oe2003sp4.aarch64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-21.oe2003sp4.aarch64", "name":"dnsmasq-help-2.82-21.oe2003sp4.aarch64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"dnsmasq-2.82-21.oe2003sp4.src.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-2.82-21.oe2003sp4.src", "name":"dnsmasq-2.82-21.oe2003sp4.src as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"dnsmasq-2.82-21.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-2.82-21.oe2003sp4.x86_64", "name":"dnsmasq-2.82-21.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"dnsmasq-debuginfo-2.82-21.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-21.oe2003sp4.x86_64", "name":"dnsmasq-debuginfo-2.82-21.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"dnsmasq-debugsource-2.82-21.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-21.oe2003sp4.x86_64", "name":"dnsmasq-debugsource-2.82-21.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" }, { "relates_to_product_reference":"openEuler-20.03-LTS-SP4", "product_reference":"dnsmasq-help-2.82-21.oe2003sp4.x86_64.rpm", "full_product_name":{ "product_id":"openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-21.oe2003sp4.x86_64", "name":"dnsmasq-help-2.82-21.oe2003sp4.x86_64 as a component of openEuler-20.03-LTS-SP4" }, "category":"default_component_of" } ] }, "vulnerabilities":[ { "cve":"CVE-2026-2291", "notes":[ { "text":"dnsmasqs extract_name() function can be abused to cause a heap buffer overflow, allowing an attacker to inject false DNS cache entries, which could result in DNS lookups to redirect to an attacker-controlled IP address, or to cause a DoS.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":[ "openEuler-20.03-LTS-SP4:dnsmasq-2.82-21.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-21.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-21.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-21.oe2003sp4.aarch64", "openEuler-20.03-LTS-SP4:dnsmasq-2.82-21.oe2003sp4.src", "openEuler-20.03-LTS-SP4:dnsmasq-2.82-21.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:dnsmasq-debuginfo-2.82-21.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:dnsmasq-debugsource-2.82-21.oe2003sp4.x86_64", "openEuler-20.03-LTS-SP4:dnsmasq-help-2.82-21.oe2003sp4.x86_64" ] }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"dnsmasq security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2437" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"CRITICAL", "baseScore":9.8, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Critical", "category":"impact" } ], "title":"CVE-2026-2291" }, { "cve":"CVE-2026-4890", "notes":[ { "text":"A Denial of Service (DoS) vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"dnsmasq security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2437" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":7.5, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-4890" }, { "cve":"CVE-2026-4891", "notes":[ { "text":"A heap-based out-of-bounds read vulnerability in the DNSSEC validation of dnsmasq allows remote attackers to cause a denial of service via a crafted DNS packet.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"dnsmasq security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2437" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-4891" }, { "cve":"CVE-2026-4892", "notes":[ { "text":"A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"dnsmasq security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2437" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"HIGH", "baseScore":8.4, "vectorString":"CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"High", "category":"impact" } ], "title":"CVE-2026-4892" }, { "cve":"CVE-2026-4893", "notes":[ { "text":"An information disclosure vulnerability in dnsmasq allows remote attackers to bypass source checks via a crafted DNS packet with RFC 7871 client subnet information.", "category":"description", "title":"Vulnerability Description" } ], "product_status":{ "fixed":{"$ref":"$.vulnerabilities[0].product_status.fixed"} }, "remediations":[ { "product_ids":{"$ref":"$.vulnerabilities[0].product_status.fixed"}, "details":"dnsmasq security update", "category":"vendor_fix", "url":"https://www.openeuler.org/zh/security/security-bulletins/detail/?id=openEuler-SA-2026-2437" } ], "scores":[ { "cvss_v3":{ "baseSeverity":"MEDIUM", "baseScore":5.3, "vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version":"3.1" }, "products":{"$ref":"$.vulnerabilities[0].product_status.fixed"} } ], "threats":[ { "details":"Medium", "category":"impact" } ], "title":"CVE-2026-4893" } ] }