EUVD-2026-29154
GHSA-m62j-63mf-xr95
CVSS VectorNVD
CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
5DescriptionNVD
A heap-based out-of-bounds write vulnerability in the DHCPv6 implementation of dnsmasq allows local attackers to execute arbitrary code with root privileges via a crafted DHCPv6 packet.
AnalysisAI
Heap-based buffer overflow in dnsmasq's DHCPv6 implementation enables local attackers to execute arbitrary code with root privileges. Affects dnsmasq 2.93 (and potentially earlier 2.92 branch based on NixOS patching activity). …
Sign in for full analysis, threat intelligence, and remediation guidance.
RemediationAI
Within 24 hours: Inventory all systems running dnsmasq 2.93 and 2.92; determine whether DHCPv6 is enabled and whether untrusted local users have access. Within 7 days: Implement network segmentation to restrict local access to dnsmasq processes; disable DHCPv6 if not operationally required; evaluate backporting or custom patch candidates from upstream repository (thekelleys.org.uk/dnsmasq/CVE/). …
Sign in for detailed remediation steps.
More from same product – last 7 days
Command injection in the shell-quote npm package allows attackers who can influence object-token inputs to inject arbitr
Heap buffer overflow in NGINX Plus and NGINX Open Source ngx_http_rewrite_module allows unauthenticated remote attackers
Vendor StatusVendor
Share
External POC / Exploit Code
Leaving vuln.today