Critical Cache Poisoning Vulnerability in Dnsmasq: Single Character Attack
2025-08-19
Researchers from Tsinghua University and Nankai University discovered a critical cache poisoning vulnerability (the SHAR attack) in the Dnsmasq DNS software. Attackers can inject malicious DNS records by using a single special character, bypassing Dnsmasq's defenses. The attack exploits the fact that some upstream recursive resolvers silently handle queries containing special characters, which creates a large attack window for brute-forcing the TxID and source port. The success rate is 100%, and all Dnsmasq versions are affected. Mitigation includes detecting silent upstream resolvers and implementing rate limiting and spoof detection.
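A sketch of the two detection-side mitigations named above, silent-upstream detection and spoof detection, run over a forwarder's query/response events. This is an added example, not Dnsmasq code or the researchers' tooling; the event tuple layout, the thresholds, the `analyze` function and the placeholder query name are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample events, not captured traffic (layout is an assumption):
# (time_s, kind, upstream, qname, txid, local_port)
# kind "Q" = query forwarded upstream, "R" = reply claiming to come from upstream.
SPECIAL = "placeholder-special-char-name.example"  # stands in for the crafted name
EVENTS = [
    (0.00, "Q", "192.0.2.53", "example.com", 0x1A2B, 40001),
    (0.02, "R", "192.0.2.53", "example.com", 0x1A2B, 40001),
    (1.00, "Q", "192.0.2.53", SPECIAL, 0x2222, 40002),
    (1.50, "R", "192.0.2.53", SPECIAL, 0x0001, 40002),  # wrong TxID
    (1.60, "R", "192.0.2.53", SPECIAL, 0x0002, 40002),  # wrong TxID
    (1.70, "R", "192.0.2.53", SPECIAL, 0x0003, 40010),  # wrong TxID and port
    (9.00, "Q", "192.0.2.53", "example.org", 0x3333, 40003),
    (9.03, "R", "192.0.2.53", "example.org", 0x3333, 40003),
]

def analyze(events, silent_after=5.0, spoof_threshold=3):
    """Return alerts as (kind, upstream, qname) tuples, in detection order."""
    pending = {}                   # (upstream, qname) -> (sent_time, txid, port)
    mismatches = defaultdict(int)  # wrong-TxID/port replies per outstanding query
    alerts = []
    for t, kind, upstream, qname, txid, port in sorted(events):
        key = (upstream, qname)
        if kind == "Q":
            pending[key] = (t, txid, port)
        elif key in pending:       # replies with no outstanding query are ignored
            _, want_txid, want_port = pending[key]
            if (txid, port) == (want_txid, want_port):
                del pending[key]   # genuine answer closes the window
                mismatches.pop(key, None)
            else:
                mismatches[key] += 1
                if mismatches[key] == spoof_threshold:  # alert once per query
                    alerts.append(("spoof_suspected",) + key)
    end = max((e[0] for e in events), default=0.0)
    # A query still unanswered after silent_after seconds marks a silent upstream.
    for key, (sent, _, _) in pending.items():
        if end - sent >= silent_after:
            alerts.append(("silent_upstream",) + key)
    return alerts

if __name__ == "__main__":
    for alert in analyze(EVENTS):
        print(alert)
```

In the sample, the query that never gets a genuine answer raises both alerts, while the two normally answered queries raise none.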