QwikSec

Security Database

CVE

CWE

Training

CVE-2026-1425

Published: Jan 26, 2026

Modified: Feb 23, 2026

PUBLISHED

CVSS v3.1

5.6

MEDIUM

Description

A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The patch is identified as 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a patch is advised to resolve this issue.

Vendor	Product	Versions
pymumu	SmartDNS	affected `47.0` affected `47.1`

Weaknesses (CWE)

CVSS v3.1 Details

CVSS v3.1 Vector

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:L/E:X/RL:O/RC:C

Attack Vector

Network

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

Low

Integrity

Low

Availability

Low

References

VDB-342841 | pymumu SmartDNS SVBC Record dns.c _dns_decode_SVCB_HTTPS stack-based overflow

vdb-entry

technical-description

VDB-342841 | CTI Indicators (IOB, IOC, IOA)

signature

permissions-required

Submit #736827 | pymumu smartdns 47.1 Stack-based Buffer Overflow

third-party-advisory

https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8

patch

https://github.com/pymumu/smartdns/

product

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.