{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-12200", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "state": "PUBLISHED", "assignerShortName": "VulDB", "dateReserved": "2025-10-25T06:22:04.063Z", "datePublished": "2025-10-27T01:07:44.551Z", "dateUpdated": "2025-10-28T01:21:20.777Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-27T01:07:44.551Z"}, "title": "dnsmasq Config File option.c parse_dhcp_opt null pointer dereference", "problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"type": "CWE", "cweId": "CWE-404", "lang": "en", "description": "Denial of Service"}]}], "affected": [{"vendor": "n/a", "product": "dnsmasq", "versions": [{"version": "2.73rc1", "status": "affected"}, {"version": "2.73rc2", "status": "affected"}, {"version": "2.73rc3", "status": "affected"}, {"version": "2.73rc4", "status": "affected"}, {"version": "2.73rc5", "status": "affected"}, {"version": "2.73rc6", "status": "affected"}], "modules": ["Config File Handler"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parse_dhcp_opt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In dnsmasq up to 2.73rc6 wurde eine Schwachstelle gefunden. Dies betrifft die Funktion parse_dhcp_opt der Datei src/option.c der Komponente Config File Handler. Mit der Manipulation des Arguments m mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P", "baseSeverity": "MEDIUM"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R", "baseSeverity": "LOW"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "timeline": [{"time": "2025-10-25T00:00:00.000Z", "lang": "en", "value": "Advisory disclosed"}, {"time": "2025-10-25T02:00:00.000Z", "lang": "en", "value": "VulDB entry created"}, {"time": "2025-10-25T08:27:13.000Z", "lang": "en", "value": "VulDB entry last update"}], "credits": [{"lang": "en", "value": "zh_vul (VulDB User)", "type": "reporter"}], "references": [{"url": "https://vuldb.com/?id.329870", "name": "VDB-329870 | dnsmasq Config File option.c parse_dhcp_opt null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.329870", "name": "VDB-329870 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.673155", "name": "Submit #673155 | dnsmasq v2.73rc6 NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://shimo.im/docs/5xkGoMo0WVfY4dkX/", "tags": ["exploit"]}], "tags": ["x_open-source"]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-27T19:57:38.284456Z", "id": "CVE-2025-12200", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T19:57:55.085Z"}}, {"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2025-10-28T01:21:20.777Z"}, "references": [{"url": "https://www.openwall.com/lists/oss-security/2025/10/27/1"}, {"url": "https://news.ycombinator.com/item?id=45727137"}], "title": "CVE Program Container", "x_generator": {"engine": "ADPogram 0.0.1"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12200", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-27T19:57:38.284456Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-27T19:57:49.286Z"}}], "cna": {"tags": ["x_open-source"], "title": "dnsmasq Config File option.c parse_dhcp_opt null pointer dereference", "credits": [{"lang": "en", "type": "reporter", "value": "zh_vul (VulDB User)"}], "metrics": [{"cvssV4_0": {"version": "4.0", "baseScore": 4.8, "baseSeverity": "MEDIUM", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P"}}, {"cvssV3_1": {"version": "3.1", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV3_0": {"version": "3.0", "baseScore": 3.3, "baseSeverity": "LOW", "vectorString": "CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L/E:P/RL:X/RC:R"}}, {"cvssV2_0": {"version": "2.0", "baseScore": 1.7, "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P/E:POC/RL:ND/RC:UR"}}], "affected": [{"vendor": "n/a", "modules": ["Config File Handler"], "product": "dnsmasq", "versions": [{"status": "affected", "version": "2.73rc1"}, {"status": "affected", "version": "2.73rc2"}, {"status": "affected", "version": "2.73rc3"}, {"status": "affected", "version": "2.73rc4"}, {"status": "affected", "version": "2.73rc5"}, {"status": "affected", "version": "2.73rc6"}]}], "timeline": [{"lang": "en", "time": "2025-10-25T00:00:00.000Z", "value": "Advisory disclosed"}, {"lang": "en", "time": "2025-10-25T02:00:00.000Z", "value": "VulDB entry created"}, {"lang": "en", "time": "2025-10-25T08:27:13.000Z", "value": "VulDB entry last update"}], "references": [{"url": "https://vuldb.com/?id.329870", "name": "VDB-329870 | dnsmasq Config File option.c parse_dhcp_opt null pointer dereference", "tags": ["vdb-entry", "technical-description"]}, {"url": "https://vuldb.com/?ctiid.329870", "name": "VDB-329870 | CTI Indicators (IOB, IOC, IOA)", "tags": ["signature", "permissions-required"]}, {"url": "https://vuldb.com/?submit.673155", "name": "Submit #673155 | dnsmasq v2.73rc6 NULL Pointer Dereference", "tags": ["third-party-advisory"]}, {"url": "https://shimo.im/docs/5xkGoMo0WVfY4dkX/", "tags": ["exploit"]}], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parse_dhcp_opt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}, {"lang": "de", "value": "In dnsmasq up to 2.73rc6 wurde eine Schwachstelle gefunden. Dies betrifft die Funktion parse_dhcp_opt der Datei src/option.c der Komponente Config File Handler. Mit der Manipulation des Arguments m mit unbekannten Daten kann eine null pointer dereference-Schwachstelle ausgenutzt werden. Der Angriff erfordert einen lokalen Zugriff. Der Exploit steht zur \u00f6ffentlichen Verf\u00fcgung."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "NULL Pointer Dereference"}]}, {"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-404", "description": "Denial of Service"}]}], "providerMetadata": {"orgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "shortName": "VulDB", "dateUpdated": "2025-10-27T01:07:44.551Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12200", "state": "PUBLISHED", "dateUpdated": "2025-10-27T19:57:55.085Z", "dateReserved": "2025-10-25T06:22:04.063Z", "assignerOrgId": "1af790b2-7ee1-4545-860a-a788eba489b5", "datePublished": "2025-10-27T01:07:44.551Z", "assignerShortName": "VulDB"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parse_dhcp_opt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way."}], "id": "CVE-2025-12200", "lastModified": "2025-10-28T02:15:35.483", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "SINGLE", "availabilityImpact": "PARTIAL", "baseScore": 1.7, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:S/C:N/I:N/A:P", "version": "2.0"}, "exploitabilityScore": 3.1, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "cna@vuldb.com", "type": "Secondary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "LOW", "baseScore": 3.3, "baseSeverity": "LOW", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 1.4, "source": "cna@vuldb.com", "type": "Secondary"}], "cvssMetricV40": [{"cvssData": {"Automatable": "NOT_DEFINED", "Recovery": "NOT_DEFINED", "Safety": "NOT_DEFINED", "attackComplexity": "LOW", "attackRequirements": "NONE", "attackVector": "LOCAL", "availabilityRequirement": "NOT_DEFINED", "baseScore": 4.8, "baseSeverity": "MEDIUM", "confidentialityRequirement": "NOT_DEFINED", "exploitMaturity": "PROOF_OF_CONCEPT", "integrityRequirement": "NOT_DEFINED", "modifiedAttackComplexity": "NOT_DEFINED", "modifiedAttackRequirements": "NOT_DEFINED", "modifiedAttackVector": "NOT_DEFINED", "modifiedPrivilegesRequired": "NOT_DEFINED", "modifiedSubAvailabilityImpact": "NOT_DEFINED", "modifiedSubConfidentialityImpact": "NOT_DEFINED", "modifiedSubIntegrityImpact": "NOT_DEFINED", "modifiedUserInteraction": "NOT_DEFINED", "modifiedVulnAvailabilityImpact": "NOT_DEFINED", "modifiedVulnConfidentialityImpact": "NOT_DEFINED", "modifiedVulnIntegrityImpact": "NOT_DEFINED", "privilegesRequired": "LOW", "providerUrgency": "NOT_DEFINED", "subAvailabilityImpact": "NONE", "subConfidentialityImpact": "NONE", "subIntegrityImpact": "NONE", "userInteraction": "NONE", "valueDensity": "NOT_DEFINED", "vectorString": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X", "version": "4.0", "vulnAvailabilityImpact": "LOW", "vulnConfidentialityImpact": "NONE", "vulnIntegrityImpact": "NONE", "vulnerabilityResponseEffort": "NOT_DEFINED"}, "source": "cna@vuldb.com", "type": "Secondary"}]}, "published": "2025-10-27T01:15:39.937", "references": [{"source": "cna@vuldb.com", "url": "https://shimo.im/docs/5xkGoMo0WVfY4dkX/"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?ctiid.329870"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?id.329870"}, {"source": "cna@vuldb.com", "url": "https://vuldb.com/?submit.673155"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://news.ycombinator.com/item?id=45727137"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://www.openwall.com/lists/oss-security/2025/10/27/1"}], "sourceIdentifier": "cna@vuldb.com", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-404"}, {"lang": "en", "value": "CWE-476"}], "source": "cna@vuldb.com", "type": "Secondary"}]}

{"bugzilla": {"description": "dnsmasq: dnsmasq Config File option.c parse_dhcp_opt null pointer dereference", "id": "2406465", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2406465"}, "csaw": false, "cvss3": {"cvss3_base_score": "3.3", "cvss3_scoring_vector": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:L", "status": "draft"}, "cwe": "(CWE-404|CWE-476)", "details": ["A NULL pointer dereference vulnerability in dnsmasq, located in the function parse_dhcp_opt() (src/option.c). When parsing a malformed or empty OPTION_SIP_SERVER configuration value, the temporary buffer m remains uninitialized (NULL). The code later unconditionally performs m[0] = 0, resulting in a write to the null address and causing a segmentation fault during startup. This leads to a Denial of Service (DoS) condition, preventing dnsmasq from launching. The issue can be exploited locally by supplying a crafted dnsmasq.conf file."], "mitigation": {"lang": "en:us", "value": "No mitigation is currently available that meets Red Hat Product Security\u2019s standards for usability, deployment, applicability, or stability.\nTo reduce the risk, restrict write access to the dnsmasq.conf file and related configuration directories to trusted, privileged users only. Ensure that no untrusted process or user can modify DHCP or SIP-related options in the configuration. Deploy integrity monitoring or configuration management tools to detect unauthorized changes before restart."}, "name": "CVE-2025-12200", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:10", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 10"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Fix deferred", "package_name": "dnsmasq", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:openshift:4", "fix_state": "Fix deferred", "package_name": "rhcos", "product_name": "Red Hat OpenShift Container Platform 4"}], "public_date": "2025-10-27T01:07:44Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2025-12200\nhttps://nvd.nist.gov/vuln/detail/CVE-2025-12200\nhttps://shimo.im/docs/5xkGoMo0WVfY4dkX/\nhttps://vuldb.com/?ctiid.329870\nhttps://vuldb.com/?id.329870\nhttps://vuldb.com/?submit.673155"], "statement": "This vulnerability is rated Low because it only results in a local denial of service rather than a compromise of integrity or confidentiality. The crash occurs during configuration parsing\u2014before dnsmasq begins serving network requests\u2014so it cannot be remotely triggered through normal DNS or DHCP traffic. Exploitation requires local access or control over the dnsmasq configuration file, which is typically restricted to privileged users. While the crash is deterministic and causes complete service unavailability, its impact is limited to availability and cannot be used to execute arbitrary code or escalate privileges.", "threat_severity": "Low"}