A buffer overflow in dnsmasq’s extract_addresses() function allows an attacker to trigger a heap out-of-bounds read and crash by exploiting a malformed DNS response, enabling extract_name() to advance the pointer past the record’s end.
2. dnsmasq: extract_addresses() OOB read via malformed rdlen
A heap out-of-bounds read vulnerability was discovered in dnsmasq's DNS response processing. The extract_addresses() function trusts the declared record data length (rdlen) without verifying that a subsequent call to extract_name() stays within the record boundary. A crafted DNS response with a mismatched rdlen causes the remaining-bytes calculation to underflow, resulting in a massive out-of-bounds read and process crash.