[Pi-Hole] Ervaringen & discussie

[ Voor 36% gewijzigd door Toet3r op 25-04-2026 00:19 ]

CVE-2026-2291 — Heap OOB write in struct bigname. The on-heap namebuffer was sized for the wire form of a domain name (MAXDNAME) rather than its escaped internal form (MAXDNAME*2 + 1). A remote peer that can send or answer DNS queries could cause a large out-of-bounds write on the heap. Reported by Andrew S. Fasano.

CVE-2026-4890 — DNSSEC denial of service via NSEC bitmap parsing.The window-iteration step omitted the 2-byte window header, so a crafted NSEC record with bitmap_length == 0 produced an infinite loop and dnsmasq stopped answering queries. Reachable before RRSIG validation,so no valid signatures are required to trigger it. Reported by Royce M.

CVE-2026-4891 — DNSSEC crash via crafted RRSIG. A packet declaring an rdlen smaller than the fixed RRSIG header plus signer's name produced a negative signature length and a subsequent crash. Reported by Royce M.

CVE-2026-4892 — Privileged buffer overflow in the DHCP helper.When --dhcp-script is configured, hex-encoded DHCPv6 client identifiers (up to 65535 bytes) were written into a 5131-byte buffer in the root-privileged helper. Reported by Royce M.

CVE-2026-4893 — EDNS Client Subnet validation bypass. With--add-subnet enabled, process_reply() passed the OPT record length(~23 bytes) to check_source() instead of the packet length, causing every internal bounds check to fail and the validation routine to always return success. ECS source validation per RFC 7871 §9.2 was effectively disabled. Reported by Royce M.

CVE-2026-5172 — Heap OOB read in extract_addresses(). A mismatched RR rdlen allowed extract_name() to advance past the computed end of the record, underflowing the remaining-bytes calculation and producing a large OOB read with certain crash.Reported by Hugo Martinez Ray.

Pietervs schreef op dinsdag 12 mei 2026 @ 11:23:
[...]

Lijkt erop dat de maker(s) dus deze aangepakt hebben
De problemen lijken dus in dnsmasq te zitten. Wat best bijzonder is: Pihole gebruikt dnsmasq toch niet? Tenzij pihole-FTL een fork is van dnsmasq natuurlijk.

[ Voor 3% gewijzigd door Toet3r op 12-05-2026 12:56 ]