[Dnsmasq-discuss] New dnsmasq CVEs assigned: CVE-2025-12198 CVE-2025-12199 CVE-2025-12200, likely bogus
Petr Menšík
pemensik at redhat.com
Wed Oct 29 14:25:46 UTC 2025
Unlike last time we received embargoed AI-generated content, this time
there are CVEs assigned for dnsmasq. I have no time to solve how real they
are, but I doubt they describe anything of severity Important.
Yes, there might be bugs in DHCP parsing code, but if they need root
access, then they cannot be CVSS score 7.8. If you have not caught them
yet, just posting here that they did appear. I think they should be disputed
or have their CVSS score fixed.
If any software passes unfiltered content from unprivileged users to
dnsmasq, then that software should receive an Important CVE.
https://www.openwall.com/lists/oss-security/2025/10/27/1
https://www.cve.org/CVERecord?id=CVE-2025-12198
I have to get back to very real and confirmed bind9 CVE fixes. I just
wanted it posted here.
Cheers,
Petr
--
Petr Menšík
Senior Software Engineer, RHEL
Red Hat, https://www.redhat.com/
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB