CVE-2025-12198 | dnsmasq up to 2.73rc6 Config File src/util.c parse_hex i heap-based overflow

A vulnerability classified as critical has been found in dnsmasq up to 2.73rc6. Affected is the function parse_hex of the file src/util.c of the component Config File Handler. The manipulation of the argument i leads to heap-based buffer overflow.

This vulnerability is uniquely identified as CVE-2025-12198. Local access is required to approach this attack. Moreover, an exploit is present.

The vendor was contacted early about this disclosure but did not respond in any way.VulDB Recent EntriesRead More