High severity7.3NVD Advisory· Published May 11, 2026· Updated May 13, 2026
CVE-2026-5172
CVE-2026-5172
Description
A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
10- osv-coords9 versionspkg:apk/chainguard/dnsmasqpkg:apk/chainguard/dnsmasq-docpkg:apk/wolfi/dnsmasqpkg:apk/wolfi/dnsmasq-docpkg:rpm/almalinux/dnsmasqpkg:rpm/almalinux/dnsmasq-utilspkg:rpm/opensuse/dnsmasq&distro=openSUSE%20Tumbleweedpkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5-LTSSpkg:rpm/suse/dnsmasq&distro=SUSE%20Linux%20Enterprise%20Server%20LTSS%20Extended%20Security%2012%20SP5
< 2.93-r0+ 8 more
- (no CPE)range: < 2.93-r0
- (no CPE)range: < 2.93-r0
- (no CPE)range: < 2.93-r0
- (no CPE)range: < 2.93-r0
- (no CPE)range: < 2.90-7.el10_2
- (no CPE)range: < 2.90-7.el10_2
- (no CPE)range: < 2.92rel2-1.1
- (no CPE)range: < 2.92rel2-18.27.1
- (no CPE)range: < 2.92rel2-18.27.1
Patches
Vulnerability mechanics
References
6News mentions
2- OpenAI Expands Daybreak With GPT-5.5-Cyber to Help Defenders Patch Security FlawsThe Hacker News · Jun 23, 2026
- ⚡ Weekly Recap: Exchange 0-Day, npm Worm, Fake AI Repo, Cisco Exploit and MoreThe Hacker News · May 18, 2026