{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/60359?format=json","vulnerability_id":"VCID-fr17-1b8u-4qcw","summary":"dnsmasq: RRSIG rdlen underflow leading to heap OOB read","aliases":[{"alias":"CVE-2026-4891"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/195513?format=json","purl":"pkg:deb/debian/dnsmasq@2.90-4~deb12u2","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.90-4~deb12u2"},{"url":"http://public2.vulnerablecode.io/api/packages/92954?format=json","purl":"pkg:deb/debian/dnsmasq@2.90-4~deb12u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.90-4~deb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92958?format=json","purl":"pkg:deb/debian/dnsmasq@2.91-1%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.91-1%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/92957?format=json","purl":"pkg:deb/debian/dnsmasq@2.92-5?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.92-5%3Fdistro=trixie"}],"affected_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/5871?format=json","purl":"pkg:deb/debian/dnsmasq@2.85-1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tn1-dumg-53ff"},{"vulnerability":"VCID-fr17-1b8u-4qcw"},{"vulnerability":"VCID-gfdc-jt1c-7ben"},{"vulnerability":"VCID-h6zz-az46-7qh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.85-1"},{"url":"http://public2.vulnerablecode.io/api/packages/92956?format=json","purl":"pkg:deb/debian/dnsmasq@2.85-1?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-2va3-wp8r-fkgp"},{"vulnerability":"VCID-8tn1-dumg-53ff"},{"vulnerability":"VCID-cph9-f6gy-6fc7"},{"vulnerability":"VCID-ez7v-3qn8-nkh3"},{"vulnerability":"VCID-fr17-1b8u-4qcw"},{"vulnerability":"VCID-gfdc-jt1c-7ben"},{"vulnerability":"VCID-h6zz-az46-7qh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/dnsmasq@2.85-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/89123?format=json","purl":"pkg:rpm/redhat/dnsmasq@2.79-36?arch=el8_10","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tn1-dumg-53ff"},{"vulnerability":"VCID-ez7v-3qn8-nkh3"},{"vulnerability":"VCID-fr17-1b8u-4qcw"},{"vulnerability":"VCID-gfdc-jt1c-7ben"},{"vulnerability":"VCID-h6zz-az46-7qh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dnsmasq@2.79-36%3Farch=el8_10"},{"url":"http://public2.vulnerablecode.io/api/packages/89122?format=json","purl":"pkg:rpm/redhat/dnsmasq@2.85-18.el9_8?arch=1","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tn1-dumg-53ff"},{"vulnerability":"VCID-ez7v-3qn8-nkh3"},{"vulnerability":"VCID-fr17-1b8u-4qcw"},{"vulnerability":"VCID-gfdc-jt1c-7ben"},{"vulnerability":"VCID-h6zz-az46-7qh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dnsmasq@2.85-18.el9_8%3Farch=1"},{"url":"http://public2.vulnerablecode.io/api/packages/89121?format=json","purl":"pkg:rpm/redhat/dnsmasq@2.90-7?arch=el10_2","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-8tn1-dumg-53ff"},{"vulnerability":"VCID-cph9-f6gy-6fc7"},{"vulnerability":"VCID-ez7v-3qn8-nkh3"},{"vulnerability":"VCID-fr17-1b8u-4qcw"},{"vulnerability":"VCID-gfdc-jt1c-7ben"},{"vulnerability":"VCID-h6zz-az46-7qh6"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:rpm/redhat/dnsmasq@2.90-7%3Farch=el10_2"}],"references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4891.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2026-4891.json"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458517","reference_id":"2458517","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2458517"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19158","reference_id":"RHSA-2026:19158","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19158"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:19373","reference_id":"RHSA-2026:19373","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:19373"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:20589","reference_id":"RHSA-2026:20589","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:20589"}],"weaknesses":[{"cwe_id":125,"name":"Out-of-bounds Read","description":"The product reads data past the end, or before the beginning, of the intended buffer."}],"exploits":[],"severity_range_score":"7.5 - 7.5","exploitability":"0.5","weighted_severity":"6.8","risk_score":3.4,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-fr17-1b8u-4qcw"}