Django REST framework

Lookup for vulnerabilities affecting packages.

Vulnerability_id VCID-fr17-1b8u-4qcw

Summary dnsmasq: RRSIG rdlen underflow leading to heap OOB read

Aliases

alias	CVE-2026-4891

Fixed_packages

url	pkg:deb/debian/dnsmasq@2.90-4~deb12u2
purl	pkg:deb/debian/dnsmasq@2.90-4~deb12u2
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.90-4~deb12u2

url	pkg:deb/debian/dnsmasq@2.90-4~deb12u2?distro=trixie
purl	pkg:deb/debian/dnsmasq@2.90-4~deb12u2?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.90-4~deb12u2%3Fdistro=trixie

url	pkg:deb/debian/dnsmasq@2.91-1%2Bdeb13u1?distro=trixie
purl	pkg:deb/debian/dnsmasq@2.91-1%2Bdeb13u1?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.91-1%252Bdeb13u1%3Fdistro=trixie

url	pkg:deb/debian/dnsmasq@2.92-5?distro=trixie
purl	pkg:deb/debian/dnsmasq@2.92-5?distro=trixie
is_vulnerable	`false`
affected_by_vulnerabilities
resource_url	http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.92-5%3Fdistro=trixie

Affected_packages

url pkg:deb/debian/dnsmasq@2.85-1

purl pkg:deb/debian/dnsmasq@2.85-1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8tn1-dumg-53ff

vulnerability	VCID-fr17-1b8u-4qcw

vulnerability	VCID-gfdc-jt1c-7ben

vulnerability	VCID-h6zz-az46-7qh6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.85-1

url pkg:deb/debian/dnsmasq@2.85-1?distro=trixie

purl pkg:deb/debian/dnsmasq@2.85-1?distro=trixie

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-2va3-wp8r-fkgp

vulnerability	VCID-8tn1-dumg-53ff

vulnerability	VCID-cph9-f6gy-6fc7

vulnerability	VCID-ez7v-3qn8-nkh3

vulnerability	VCID-fr17-1b8u-4qcw

vulnerability	VCID-gfdc-jt1c-7ben

vulnerability	VCID-h6zz-az46-7qh6

resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.85-1%3Fdistro=trixie

url pkg:rpm/redhat/dnsmasq@2.79-36?arch=el8_10

purl pkg:rpm/redhat/dnsmasq@2.79-36?arch=el8_10

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8tn1-dumg-53ff

vulnerability	VCID-ez7v-3qn8-nkh3

vulnerability	VCID-fr17-1b8u-4qcw

vulnerability	VCID-gfdc-jt1c-7ben

vulnerability	VCID-h6zz-az46-7qh6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dnsmasq@2.79-36%3Farch=el8_10

url pkg:rpm/redhat/dnsmasq@2.85-18.el9_8?arch=1

purl pkg:rpm/redhat/dnsmasq@2.85-18.el9_8?arch=1

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8tn1-dumg-53ff

vulnerability	VCID-ez7v-3qn8-nkh3

vulnerability	VCID-fr17-1b8u-4qcw

vulnerability	VCID-gfdc-jt1c-7ben

vulnerability	VCID-h6zz-az46-7qh6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dnsmasq@2.85-18.el9_8%3Farch=1

url pkg:rpm/redhat/dnsmasq@2.90-7?arch=el10_2

purl pkg:rpm/redhat/dnsmasq@2.90-7?arch=el10_2

is_vulnerable true

affected_by_vulnerabilities

vulnerability	VCID-8tn1-dumg-53ff

vulnerability	VCID-cph9-f6gy-6fc7

vulnerability	VCID-ez7v-3qn8-nkh3

vulnerability	VCID-fr17-1b8u-4qcw

vulnerability	VCID-gfdc-jt1c-7ben

vulnerability	VCID-h6zz-az46-7qh6

resource_url http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dnsmasq@2.90-7%3Farch=el10_2

References

reference_url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4891.json

reference_id

reference_type

scores

value	7.5
scoring_system	cvssv3
scoring_elements	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

url

https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4891.json

reference_url	https://bugzilla.redhat.com/show_bug.cgi?id=2458517
reference_id	2458517
reference_type
scores
url	https://bugzilla.redhat.com/show_bug.cgi?id=2458517

reference_url	https://access.redhat.com/errata/RHSA-2026:19158
reference_id	RHSA-2026:19158
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19158

reference_url	https://access.redhat.com/errata/RHSA-2026:19373
reference_id	RHSA-2026:19373
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:19373

reference_url	https://access.redhat.com/errata/RHSA-2026:20589
reference_id	RHSA-2026:20589
reference_type
scores
url	https://access.redhat.com/errata/RHSA-2026:20589

Weaknesses

cwe_id	125
name	Out-of-bounds Read
description	The product reads data past the end, or before the beginning, of the intended buffer.

Exploits

Severity_range_score 7.5 - 7.5

Exploitability 0.5

Weighted_severity 6.8

Risk_score 3.4

Resource_url http://public2.vulnerablecode.io/vulnerabilities/VCID-fr17-1b8u-4qcw

Vulnerability Instance