CVE-2025-12200

Sažetak

A vulnerability was determined in dnsmasq up to 2.73rc6. Affected by this issue is the function parse_dhcp_opt of the file src/option.c of the component Config File Handler. This manipulation of the argument m causes null pointer dereference. The attack can only be executed locally. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.

Reference

https://shimo.im/docs/5xkGoMo0WVfY4dkX/
https://vuldb.com/?ctiid.329870
https://vuldb.com/?id.329870
https://vuldb.com/?submit.673155
https://news.ycombinator.com/item?id=45727137
https://www.openwall.com/lists/oss-security/2025/10/27/1

CVSS

Base:	1.7
Impact:	2.9
Exploitability:	3.1

Pristup

Vektor	Složenost	Autentikacija
LOCAL	LOW	SINGLE

Impact

Povjerljivost	Cjelovitost	Dostupnost
NONE	NONE	PARTIAL

CVSS vektor

AV:L/AC:L/Au:S/C:N/I:N/A:P

Zadnje važnije ažuriranje

28-10-2025 - 02:15

Objavljeno

27-10-2025 - 01:15