Skip to main content

Red Hat Enterprise Linux 10 CVE-2026-6507

| EUVD-2026-23419 HIGH
Out-of-bounds Write (CWE-787)
2026-04-17 redhat GHSA-28hj-3gj2-63m5
Denial Of Service Memory Corruption Buffer Overflow Red Hat Enterprise Linux 10 Red Hat Enterprise Linux 6 Red Hat Enterprise Linux 7 Red Hat Enterprise Linux 8 Red Hat Enterprise Linux 9 Red Hat Openshift Container Platform 4 Red Hat Suse
7.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
SUSE
HIGH
qualitative
Red Hat
7.5 MEDIUM
qualitative

Primary rating from NVD.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
None
Availability
High

Lifecycle Timeline

8
Patch released
Apr 29, 2026 - 02:30 nvd
Patch available
Analysis Updated
Apr 17, 2026 - 15:37 vuln.today
v4 (cvss_changed)
Analysis Updated
Apr 17, 2026 - 13:27 vuln.today
v2 (cvss_changed)
Re-analysis Queued
Apr 17, 2026 - 13:22 vuln.today
cvss_changed
Analysis Generated
Apr 17, 2026 - 12:56 vuln.today
EUVD ID Assigned
Apr 17, 2026 - 12:45 euvd
EUVD-2026-23419
Analysis Generated
Apr 17, 2026 - 12:45 vuln.today
CVE Published
Apr 17, 2026 - 12:23 nvd
HIGH 7.5

DescriptionCVE.org

A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the --dhcp-split-relay option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).

AnalysisAI

Out-of-bounds write in dnsmasq's DHCP split-relay handler allows remote unauthenticated denial of service via crafted BOOTREPLY packets. Affects Red Hat Enterprise Linux 6-10 and OpenShift Container Platform 4 when dnsmasq runs with the --dhcp-split-relay option enabled. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts
Continue with Google Continue with GitHub

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify dnsmasq with --dhcp-split-relay
Delivery
Craft malicious BOOTREPLY packet
Exploit
Send to UDP 67/68
Execution
Trigger out-of-bounds write
Persist
Corrupt dnsmasq memory
Impact
Crash daemon (DoS)
Sign in to reveal

Vulnerability AssessmentAI

Exploitation Requires dnsmasq configured with the --dhcp-split-relay option enabled (non-default setting). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment CVSS 7.5 (High) reflects network attack vector with low complexity and no authentication, but real-world exploitation risk is constrained by the --dhcp-split-relay prerequisite-a non-default configuration typically deployed only in split DHCP relay architectures (enterprise networks with centralized DHCP servers). … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario Attacker identifies internet-facing or laterally accessible dnsmasq server configured with --dhcp-split-relay (common in enterprise networks with centralized DHCP infrastructure). Crafts malicious BOOTREPLY packet with oversized or malformed vendor extension fields targeting the out-of-bounds write condition. …
Remediation Apply vendor patches from Red Hat security advisories (track via https://access.redhat.com/security/cve/CVE-2026-6507 and Bugzilla 2459181). … Detailed patch versions, workarounds, and compensating controls in full report.
Sign in to read full assessment

Recommended ActionAI

Within 24 hours: Inventory all dnsmasq deployments across RHEL 6-10 and OpenShift 4 systems and identify which instances run with --dhcp-split-relay enabled via process inspection and configuration audit. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

More from same product – last 7 days

CVE-2026-11788 HIGH
7.5 Jun 09

Remote denial of service in 389 Directory Server (Red Hat Directory Server 11/12/13 and Red Hat Enterprise Linux 6 throu
CVE-2026-48914 MEDIUM
6.7 Jun 12

Out-of-bounds heap write in QEMU's virtio-blk device allows a high-privileged guest to crash the host QEMU process. The

CVE-2026-11789 MEDIUM
6.5 Jun 09

Denial-of-service in Red Hat's 389 Directory Server allows a highly privileged network attacker to crash the LDAP servic
CVE-2026-11786 MEDIUM
6.5 Jun 09

Out-of-bounds read in 389 Directory Server's LDIF parser exposes limited heap memory to a highly privileged local attack
CVE-2026-11611 MEDIUM
6.5 Jun 08

Denial of service in Red Hat 389 Directory Server's Content Synchronization persistent search plugin enables authenticat

Vendor StatusVendor

SUSE

Severity: High
Product Status
openSUSE Tumbleweed Fixed
SUSE Linux Enterprise Desktop 15 SP7 Fixed
SUSE Linux Enterprise High Performance Computing 15 SP7 Fixed
SUSE Linux Enterprise Micro 5.2 Fixed
SUSE Linux Enterprise Micro 5.3 Fixed

Share

CVE-2026-6507 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy