CVE-2026-6507
Received - Intake
Out-of-Bounds Write in dnsmasq DHCP Causes DoS Crash

Publication date: 2026-04-17

Last updated on: 2026-04-17

Assigner: Red Hat, Inc.

Description
A flaw was found in dnsmasq. A remote attacker could exploit an out-of-bounds write vulnerability by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server configured with the `--dhcp-split-relay` option. This can lead to memory corruption, causing the dnsmasq daemon to crash and resulting in a denial of service (DoS).
Meta Information
Published: 2026-04-17
Last Modified: 2026-04-17
Generated: 2026-06-16
AI Q&A: 2026-04-17
EPSS Evaluated: 2026-06-14
Affected Vendors & Products
Vendor: the_isc
Product: dnsmasq
Version / Range: *
CWE
CWE-787: The product writes data past the end, or before the beginning, of the intended buffer.
Executive Summary

This vulnerability is an out-of-bounds write flaw found in dnsmasq. It can be exploited remotely by sending a specially crafted BOOTREPLY (Bootstrap Protocol Reply) packet to a dnsmasq server that is configured with the `--dhcp-split-relay` option.

Exploiting this flaw can cause memory corruption in the dnsmasq daemon.

As a result, the dnsmasq service may crash, leading to a denial of service (DoS) condition.
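
An exposure check for the precondition described above, as an added example that is not part of the original advisory or the dnsmasq project: it reports where a dnsmasq configuration enables `dhcp-split-relay` (the config-file form of `--dhcp-split-relay`), following `conf-file=` and `conf-dir=` includes. The function names `scan_conf` and `is_exposed` and the sample files are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: find where dnsmasq config enables dhcp-split-relay.
# Config files use the long option name without the leading "--".

# scan_conf FILE [DEPTH]: print "file:line:text" for every active
# dhcp-split-relay line in FILE and in files included through
# conf-file= / conf-dir=. Simplification (assumption of this example):
# all regular files in a conf-dir are scanned and dnsmasq's extension
# filters are ignored, so the check can over-report but not miss a file.
scan_conf() {
    [ -r "$1" ] || return 0
    [ "${2:-0}" -lt 8 ] || return 0        # guard against include loops
    awk -v f="$1" '/^[ \t]*dhcp-split-relay[ \t]*(=|$)/ { print f ":" NR ":" $0 }' "$1"
    sed -nE 's/^[[:space:]]*conf-file[[:space:]]*=[[:space:]]*//p' "$1" |
    while read -r inc; do
        scan_conf "$inc" $(( ${2:-0} + 1 ))
    done
    sed -nE 's/^[[:space:]]*conf-dir[[:space:]]*=[[:space:]]*([^,]*).*/\1/p' "$1" |
    while read -r dir; do
        for f in "$dir"/*; do
            if [ -f "$f" ]; then scan_conf "$f" $(( ${2:-0} + 1 )); fi
        done
    done
    return 0
}

# is_exposed FILE: succeeds when the option is active anywhere under FILE.
is_exposed() { [ -n "$(scan_conf "$1")" ]; }

# Constructed sample tree (not from a real host); the option's argument
# is a placeholder, not real dnsmasq syntax.
demo=$(mktemp -d)
mkdir "$demo/conf.d"
printf '%s\n' 'interface=eth0' '#dhcp-split-relay=disabled-here' \
    "conf-dir=$demo/conf.d" > "$demo/dnsmasq.conf"
printf '%s\n' 'dhcp-split-relay=PLACEHOLDER_ARGS' > "$demo/conf.d/relay.conf"

scan_conf "$demo/dnsmasq.conf"
```

On a real host, point `scan_conf` at the configuration file the daemon is started with (commonly `/etc/dnsmasq.conf`) and also check the daemon's command line for the flag.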

Impact Analysis

The primary impact of this vulnerability is a denial of service (DoS) on the affected dnsmasq server.

An attacker can remotely cause the dnsmasq daemon to crash by exploiting the out-of-bounds write, which disrupts network services relying on dnsmasq.

This can lead to network outages or interruptions in DHCP and DNS services provided by dnsmasq.

Compliance Impact

The vulnerability in dnsmasq allows a remote attacker to cause a denial of service (DoS) by crashing the dnsmasq daemon through memory corruption. This impacts availability but does not directly affect confidentiality or integrity of data.

Since the vulnerability does not lead to data leakage or unauthorized data modification, its impact on compliance with standards like GDPR or HIPAA, which focus heavily on protecting personal data confidentiality and integrity, is limited.

However, the denial of service could affect system availability, which is a component of some compliance frameworks. Organizations relying on dnsmasq for DHCP services should consider the potential availability impact when assessing compliance risks.
