dnsmasq Config File option.c parse_dhcp_opt null pointer dereference_CVE-2025-12200

4.8 / 10

MEDIUM

CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P

Description

A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parse_dhcp_opt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Basic Information

ID CVE-2025-12200

Source VulDB

Published Oct 27, 2025 at 01:07

Affected Product

Vendor n/a

Product dnsmasq

Version 2.73rc1

Affected Versions n/a dnsmasq 2.73rc1
n/a dnsmasq 2.73rc2
n/a dnsmasq 2.73rc3
n/a dnsmasq 2.73rc4
n/a dnsmasq 2.73rc5
n/a dnsmasq 2.73rc6

CWE Classification

CWE-476 CWE-404

References

{
    "lastseen": "",
    "description": "A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parse_dhcp_opt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.",
    "published": "2025-10-27T01:07:44.551Z",
    "modified": "2025-10-27T01:07:44.551Z",
    "type": "cve",
    "title": "dnsmasq Config File option.c parse_dhcp_opt null pointer dereference",
    "source": "VulDB",
    "references": "https://vuldb.com/?id.329870\nhttps://vuldb.com/?ctiid.329870\nhttps://vuldb.com/?submit.673155\nhttps://shimo.im/docs/5xkGoMo0WVfY4dkX/",
    "id": "CVE-2025-12200",
    "bulletinFamily": "",
    "cwe": [
        "CWE-476",
        "CWE-404"
    ],
    "cvelist": null,
    "sourceData": "n/a dnsmasq 2.73rc1\nn/a dnsmasq 2.73rc2\nn/a dnsmasq 2.73rc3\nn/a dnsmasq 2.73rc4\nn/a dnsmasq 2.73rc5\nn/a dnsmasq 2.73rc6",
    "sourceHref": "",
    "cvss": {
        "score": 4.8,
        "severity": "MEDIUM",
        "vector": "CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:P",
        "version": "4.0"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "dnsmasq",
    "version": "2.73rc1",
    "vendor": "n/a",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}