oss-sec mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Questionable CVE's reported against dnsmasq

From: "Olle E. Johansson" <oej () edvina net>
Date: Sun, 2 Nov 2025 11:30:19 +0100



On 1 Nov 2025, at 04:00, Solar Designer <solar () openwall com> wrote:

CVEs against dnsmasq (CVE-2025-12198, CVE-2025-12199, CVE-2025-12200)
and Kamailio (CVE-2025-12204, CVE-2025-12205, CVE-2025-12206, and
CVE-2025-12207) mentioned in this thread are not yet disputed and have
no comments of this sort in their descriptions.


As part of the Kamailio project I can say that we did just become aware of these CVEs in your email. They do not make 
sense. Trying to get to the report, the config files used to provoke the issue can’t be downloaded.

If you have access to edit the config files, there are much more simple ways to cause damage than to provoke a problem 
in the config file parser.

We will have an internal discussion but that will likely lead to the project disputing these CVEs.

Best regards,
/Olle
Previous By Date Next
Previous By Thread Next

Current thread: