CVE-2026-12969: Out-of-bounds Read in Red Hat Enterprise Linux 10
An out-of-bounds read vulnerability exists in dnsmasq's find_soa() function in src/rfc1035.c. When parsing NS section records, extract_name() is called with extrabytes=0, failing to validate that 10 additional bytes exist for fixed-length DNS record fields. A remote attacker controlling a DNS zone can exploit this via a crafted NXDOMAIN response to cause a 10-byte heap out-of-bounds read, potentially accessing stale data from prior transactions.
AI Analysis
Technical Summary
This vulnerability involves an out-of-bounds read in dnsmasq's find_soa() function within src/rfc1035.c. Specifically, when parsing NS section records, the extract_name() function is called with extrabytes=0, which fails to verify the presence of 10 additional bytes needed for fixed-length DNS record fields. This flaw allows a remote attacker who controls a DNS zone to trigger a 10-byte heap out-of-bounds read via a crafted NXDOMAIN response, potentially exposing stale data from prior DNS transactions. The issue affects Red Hat Enterprise Linux 10 as reported in CVE-2026-12969 with a medium CVSS score of 5.3.
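The missing length check, modelled as an added example (this is not dnsmasq's code and not part of the original advisory). The helper `skip_name` and its `extra` parameter are hypothetical stand-ins for the extract_name()/extrabytes behaviour described above, and both sample records are constructed.

```c
#include <stddef.h>
#include <stdint.h>

#define RR_FIXED_LEN 10 /* TYPE(2) + CLASS(2) + TTL(4) + RDLENGTH(2), RFC 1035 */

/* Hypothetical helper (not dnsmasq's extract_name): skip the name at `off`
 * and require `extra` more bytes after it. Returns the offset just past the
 * name, or 0 if the name or the extra bytes do not fit in `len`. */
static size_t skip_name(const uint8_t *pkt, size_t len, size_t off, size_t extra)
{
    for (;;) {
        if (off >= len) return 0;
        uint8_t l = pkt[off];
        if ((l & 0xC0) == 0xC0) { off += 2; break; } /* compression pointer */
        if (l & 0xC0) return 0;                      /* reserved label type */
        off += 1 + (size_t)l;
        if (l == 0) break;                           /* root label ends name */
    }
    if (off > len || extra > len - off) return 0;
    return off;
}

/* How many bytes a read of the fixed fields would take from past the end of
 * the packet when the name was validated with `extra`. -1: record rejected. */
long fixed_field_overread(const uint8_t *pkt, size_t len, size_t off, size_t extra)
{
    size_t end = skip_name(pkt, len, off, extra);
    if (end == 0) return -1;
    return end + RR_FIXED_LEN > len ? (long)(end + RR_FIXED_LEN - len) : 0;
}

/* Hardened accessor: TYPE is read only after all 10 fixed bytes are proven
 * to be inside the packet. Returns -1 on a truncated record. */
int rr_type_checked(const uint8_t *pkt, size_t len, size_t off)
{
    size_t end = skip_name(pkt, len, off, RR_FIXED_LEN);
    return end ? (pkt[end] << 8) | pkt[end + 1] : -1;
}

/* Constructed samples: name "a." then nothing, and the same name followed by
 * complete fixed fields (TYPE=6 SOA, CLASS=1, TTL=60, RDLENGTH=0). */
const uint8_t truncated_rr[] = { 1, 'a', 0 };
const uint8_t complete_rr[]  = { 1, 'a', 0, 0, 6, 0, 1, 0, 0, 0, 60, 0, 0 };
```

With `extra` set to 0 the truncated record is accepted and the fixed-field read would run 10 bytes past the buffer; with `extra` set to `RR_FIXED_LEN` the same record is rejected before any field is touched.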
Potential Impact
The vulnerability allows a remote attacker to cause a 10-byte heap out-of-bounds read in dnsmasq, potentially exposing stale data from previous DNS transactions. There is no indication of integrity or availability impact. The confidentiality impact is limited to possible disclosure of residual memory data.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory at https://access.redhat.com/security/cve/CVE-2026-12969 for current remediation guidance. No official fix or temporary mitigation is currently documented. Monitor the vendor advisory for updates on patches or recommended mitigations.
CVSS v3.1
Score 5.3 (medium)
Technical Details
- Data Version: 5.2
- Assigner Short Name: redhat
- Date Reserved: 2026-06-23T09:25:06.270Z
- CVSS Version: 3.1
- State: PUBLISHED
- Remediation Level: null
- Vendor Advisory URLs: https://access.redhat.com/security/cve/CVE-2026-12969 (Red Hat)
Threat ID: 6a3a9005eed863c81e147b97
Added to database: 06/23/2026, 13:54:13 UTC
Last enriched: 06/23/2026, 14:09:08 UTC
Last updated: 06/23/2026, 14:47:29 UTC