oss-security - Re: Questionable CVE's reported against dnsmasq

Follow @Openwall on Twitter for new release announcements and other news

[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]

Message-ID: <84b54a0c-c68b-4d39-8d7c-6e16da591b19@oracle.com>
Date: Wed, 29 Oct 2025 17:12:03 -0700
From: Alan Coopersmith <alan.coopersmith@...cle.com>
To: oss-security@...ts.openwall.com
Subject: Re: Questionable CVE's reported against dnsmasq

On 10/27/25 09:34, Alan Coopersmith wrote:
> Among the new CVE's published this weekend were these from the VulDB CNA:
> 
> CVE-2025-12198
> 
>     A vulnerability has been found in dnsmasq up to 2.73rc6. Affected is the
[...]
> 
> CVE-2025-12199
> 
>     A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this
[...]
> 
> CVE-2025-12200
> 
>     A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this
[...]

The folks on the dnsmasq mailing list also pointed out the version claimed is
a release candidate from 10 years ago, not anything current:

https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2025q4/018338.html

(The current stable release of dnsmasq is version 2.91 from March of this year.)

-- 
         -Alan Coopersmith-                 alan.coopersmith@...cle.com
          Oracle Solaris Engineering - https://blogs.oracle.com/solaris

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.