CVE-2025-12198

Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and intentional behavior within dnsmasq's documented design, rather than security vulnerabilities.

CVSS

No CVSS.

References

No reference.

Configurations

No configuration.

History

03 Nov 2025, 23:17

Type Values Removed Values Added

References
Values Removed:
  • {'url': 'https://shimo.im/docs/1d3aMVMmNmiLjg3g/', 'source': 'cna@vuldb.com'}
  • {'url': 'https://vuldb.com/?ctiid.329868', 'source': 'cna@vuldb.com'}
  • {'url': 'https://vuldb.com/?id.329868', 'source': 'cna@vuldb.com'}
  • {'url': 'https://vuldb.com/?submit.673138', 'source': 'cna@vuldb.com'}
  • {'url': 'https://news.ycombinator.com/item?id=45727137', 'source': 'af854a3a-2127-422b-91ae-364da2661108'}
  • {'url': 'https://www.openwall.com/lists/oss-security/2025/10/27/1', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}
  • {'url': 'https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018337.html', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}
  • {'url': 'https://shimo.im/docs/1d3aMVMmNmiLjg3g', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}
Values Added: none

Summary
Values Removed: (en) A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is the function parse_hex of the file src/util.c of the component Config File Handler. The manipulation of the argument i leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.
Values Added: (en) Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and intentional behavior within dnsmasq's documented design, rather than security vulnerabilities.

CWE
Values Removed: CWE-122, CWE-119
Values Added: none

CVSS
Values Removed: v2 : 6.8, v3 : 7.8
Values Added: v2 : unknown, v3 : unknown

03 Nov 2025, 19:15

Type Values Removed Values Added

Summary
Values Removed: (en) A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is the function parse_hex of the file src/util.c of the component Config File Handler. The manipulation of the argument i leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.
Values Added: (en) A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is the function parse_hex of the file src/util.c of the component Config File Handler. The manipulation of the argument i leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used. The real existence of this vulnerability is still doubted at the moment. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

01 Nov 2025, 19:15

Type Values Removed Values Added
References
  • () https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018337.html -
References () https://www.openwall.com/lists/oss-security/2025/10/27/1 - () https://www.openwall.com/lists/oss-security/2025/10/27/1 -

28 Oct 2025, 16:15

Type Values Removed Values Added
References
  • () https://shimo.im/docs/1d3aMVMmNmiLjg3g -

28 Oct 2025, 02:15

Type Values Removed Values Added
References
  • () https://news.ycombinator.com/item?id=45727137 -

28 Oct 2025, 01:16

Type Values Removed Values Added
References
  • () https://www.openwall.com/lists/oss-security/2025/10/27/1 -

27 Oct 2025, 01:15

Type Values Removed Values Added
New CVE

Information

Published : 2025-10-27 01:15

Updated : 2025-11-03 23:17


NVD link : CVE-2025-12198

Mitre link : CVE-2025-12198

CVE.ORG link : CVE-2025-12198



Products Affected

No product.

CWE

No CWE.