{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-12199", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-10-25T06:22:00.749Z", "datePublished": "2025-10-27T01:02:09.029Z", "dateUpdated": "2025-10-28T01:21:01.416Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-27T01:02:09.029Z"}, "title": "dnsmasq Config File network.c check_servers null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "dnsmasq", "versions": [{"version": "2.73rc1", "status": "affected"}, {"version": "2.73rc2", "status": "affected"}, {"version": "2.73rc3", "status": "affected"}, {"version": "2.73rc4", "status": "affected"}, {"version": "2.73rc5", "status": "affected"}, {"version": "2.73rc6", "status": "affected"}], "modules": ["Config File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in dnsmasq up to 2.73rc6 entdeckt. Das betrifft die Funktion check_servers der Datei src/network.c der Komponente Config File Handler. Dank Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-10-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-10-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-10-25T08:27:12.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "zh_vul (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.329869", "name": "VDB-329869 | dnsmasq Config File network.c check_servers null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.329869", "name": "VDB-329869 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.673154", "name": "Submit #673154 | dnsmasq v2.73rc6 NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://shimo.im/docs/ZzkLMVMN7vIYJBAQ/", "tags": ["exploit"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-27T19:55:33.466030Z", "id": "CVE-2025-12199", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T19:55:41.291Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-10-28T01:21:01.416Z"}, "references": [{"url": "https://www.openwall.com/lists/oss-security/2025/10/27/1"}, {"url": "https://news.ycombinator.com/item?id=45727137"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CVE Program Container", "references": [{"url": "https://www.openwall.com/lists/oss-security/2025/10/27/1"}, {"url": "https://news.ycombinator.com/item?id=45727137"}], "x_generator": {"engine": "ADPogram 0.0.1"}, "providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-10-28T01:21:01.416Z"}}, {"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12199", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-27T19:55:33.466030Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T19:55:38.033Z"}}], "cna": {"tags": ["x_open-source"], "title": "dnsmasq Config File network.c check_servers null pointer dereference", "credits": [{"lang": "en", "type": "reporter", "value": "zh_vul (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "n/a", "modules": ["Config File Handler"], "product": "dnsmasq", "versions": [{"status": "affected", "version": "2.73rc1"}, {"status": "affected", "version": "2.73rc2"}, {"status": "affected", "version": "2.73rc3"}, {"status": "affected", "version": "2.73rc4"}, {"status": "affected", "version": "2.73rc5"}, {"status": "affected", "version": "2.73rc6"}]}], "timeline": [{"lang": "en", "time": "2025-10-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-10-25T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-10-25T08:27:12.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.329869", "name": "VDB-329869 | dnsmasq Config File network.c check_servers null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.329869", "name": "VDB-329869 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.673154", "name": "Submit #673154 | dnsmasq v2.73rc6 NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://shimo.im/docs/ZzkLMVMN7vIYJBAQ/", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "Es wurde eine Schwachstelle in dnsmasq up to 2.73rc6 entdeckt. Das betrifft die Funktion check_servers der Datei src/network.c der Komponente Config File Handler. Dank Manipulation mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Umgesetzt werden muss der Angriff lokal. Die Ausnutzung wurde ver\u00f6ffentlicht und kann verwendet werden."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-27T01:02:09.029Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12199", "state": "PUBLISHED", "dateUpdated": "2025-10-28T01:21:01.416Z", "dateReserved": "2025-10-25T06:22:00.749Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-10-27T01:02:09.029Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-12199", "lastModified": "2025-10-28T02:15:35.347", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-10-27T01:15:39.737", "references": [{"source": "cna@vuldb.com", "url": "https://shimo.im/docs/ZzkLMVMN7vIYJBAQ/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.329869"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.329869"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.673154"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://news.ycombinator.com/item?id=45727137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openwall.com/lists/oss-security/2025/10/27/1"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "dnsmasq: dnsmasq Config File network.c check_servers null pointer dereference", "id": "2406461", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406461"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-404|CWE-476)", "details": ["A null pointer dereference vulnerability exists in dnsmasq, within the function check_servers() in src/network.c. When dnsmasq attempts to log upstream servers during startup, a malformed or inconsistent configuration may cause the SERV_HAS_DOMAIN flag to be set while serv->domain is NULL. This results in a call to strlen(serv->domain), triggering a segmentation fault and crashing the service. The issue leads to a Denial of Service (DoS) condition, preventing dnsmasq from starting properly."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.\nTo reduce the risk, ensure that only trusted and validated configuration files are used by dnsmasq, and restrict write or modification permissions on /etc/dnsmasq.conf and related directories to authorized users. Avoid loading dynamically generated or unverified configurations."}, "name": "CVE-2025-12199", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-10-27T01:02:09Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-12199\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-12199\nhttps://shimo.im/docs/ZzkLMVMN7vIYJBAQ/\nhttps://vuldb.com/?ctiid.329869\nhttps://vuldb.com/?id.329869\nhttps://vuldb.com/?submit.673154"], "statement": "This vulnerability is considered Low severity because it can only be triggered through a locally supplied or misconfigured configuration file, not through network input or remote interaction. The flaw results in a crash during dnsmasq\u2019s initial startup phase, meaning the service fails to launch rather than being disrupted while active. It does not allow memory corruption, code execution, or privilege escalation\u2014only a predictable null pointer dereference leading to process termination. Since exploitation requires direct access to or control over the dnsmasq configuration, the attack surface is minimal in typical deployments where configurations are managed by trusted administrators.", "threat_severity": "Low"}