
Are these real CVEs? VulDB entries for dnsmasq rely on replacing config files


-sec mailing list archives

Re: Questionable CVE's reported against dnsmasq

From: Moritz Mühlenhoff <jmm () inutil org>
Date: Mon, 27 Oct 2025 19:21:54 +0000

On Mon, Oct 27, 2025 at 09:34:03AM -0700, Alan Coopersmith wrote:

> Among the new CVE's published this weekend were these from the VulDB CNA:
>
> For all three bugs, the documented "exploit" requires "Replace the default configuration file (/etc/dnsmasq.conf) with the provided malicious file." and if you can replace the server's configuration file you don't need to play games with putting invalid contents in to break the parser, but can simply change the configuration directly.

The same nonsense also happened for the Kamailio SIP server (CVE-2025-12204, CVE-2025-12205, CVE-2025-12206 and CVE-2025-12207).
