CVE-2025-12199

03 Nov 2025, 23:17

Type	Values Removed	Values Added
CVSS	v2 : 1.7 v3 : 3.3	v2 : unknown v3 : unknown
Summary	(en) A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. It is still unclear if this vulnerability genuinely exists. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.	(en) Rejected reason: ** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: Based on the analysis by MITRE and review of community feedback, the reported conditions represent expected and intentional behavior within dnsmasq's documented design, rather than security vulnerabilities.
CWE	CWE-404 CWE-476
References	{'url': 'https://shimo.im/docs/ZzkLMVMN7vIYJBAQ/', 'source': 'cna@vuldb.com'} {'url': 'https://vuldb.com/?ctiid.329869', 'source': 'cna@vuldb.com'} {'url': 'https://vuldb.com/?id.329869', 'source': 'cna@vuldb.com'} {'url': 'https://vuldb.com/?submit.673154', 'source': 'cna@vuldb.com'} {'url': 'https://news.ycombinator.com/item?id=45727137', 'source': 'af854a3a-2127-422b-91ae-364da2661108'} {'url': 'https://www.openwall.com/lists/oss-security/2025/10/27/1', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'} {'url': 'https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018337.html', 'source': '134c704f-9b21-4f2e-91b3-4a467353bcc0'}

---

03 Nov 2025, 19:15

Type	Values Removed	Values Added
Summary	(en) A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.	(en) A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. It is still unclear if this vulnerability genuinely exists. This attack requires manipulating config files which might not be a realistic scenario in many cases. The vendor was contacted early about this disclosure but did not respond in any way.

---

02 Nov 2025, 04:15

Type	Values Removed	Values Added
References		() https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018337.html -
References	() https://www.openwall.com/lists/oss-security/2025/10/27/1 -	() https://www.openwall.com/lists/oss-security/2025/10/27/1 -

---

28 Oct 2025, 02:15

Type	Values Removed	Values Added
References		() https://news.ycombinator.com/item?id=45727137 -

---

28 Oct 2025, 01:16

Type	Values Removed	Values Added
References		() https://www.openwall.com/lists/oss-security/2025/10/27/1 -

---

27 Oct 2025, 01:15

Type	Values Removed	Values Added
New CVE

---