dnsmasq Config File network.c check_servers null pointer dereference_CVE-2025-12199

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-12199

Source VulDB

Published Oct 27, 2025 at 01:02

Affected Product

Vendor n/a

Product dnsmasq

Version 2.73rc1

Affected Versions n/a dnsmasq 2.73rc1
n/a dnsmasq 2.73rc2
n/a dnsmasq 2.73rc3
n/a dnsmasq 2.73rc4
n/a dnsmasq 2.73rc5
n/a dnsmasq 2.73rc6

CWE Classification

CWE-476 CWE-404

References

{
    "lastseen": "",
    "description": "A vulnerability was found in dnsmasq up to 2.73rc6. Affected by this vulnerability is the function check_servers of the file src/network.c of the component Config File Handler. The manipulation results in null pointer dereference. The attack needs to be approached locally. The exploit has been made public and could be used. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-27T01:02:09.029Z",
    "modified": "2025-10-27T01:02:09.029Z",
    "type": "cve",
    "title": "dnsmasq Config File network.c check_servers null pointer dereference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329869\nhttps://vuldb.com/?ctiid.329869\nhttps://vuldb.com/?submit.673154\nhttps://shimo.im/docs/ZzkLMVMN7vIYJBAQ/",
    "id": "CVE-2025-12199",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "n/a dnsmasq 2.73rc1\nn/a dnsmasq 2.73rc2\nn/a dnsmasq 2.73rc3\nn/a dnsmasq 2.73rc4\nn/a dnsmasq 2.73rc5\nn/a dnsmasq 2.73rc6",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "dnsmasq",
    "version": "2.73rc1",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}