{
  "variant_id": "CVE-2026-5245-variant-analysis",
  "created_at": "2026-04-02T00:00:00Z",
  "variant_summary": "Variant analysis of the CVE-2026-5245 mDNS stack buffer overflow: the TXT, SRV, and PTR query paths were tested against the fixed version. No bypass was found; the fix comprehensively covers all entry points.",
  "relation": "newer_version_sibling",
  "origin_kind": "pruva_variant",
  "repository": "https://github.com/cesanta/mongoose",
  "submitted_target": {
    "target_kind": "git_commit",
    "commit_sha": "1bb85799ce61b5c4ca43df7e74a6759e02c60e03",
    "display": "1bb85799 (vulnerable, pre-fix)"
  },
  "variant_target": {
    "target_kind": "git_commit",
    "commit_sha": "0d882f1b43ff2308b7486a56a9d60cd6dba8a3f1",
    "display": "0d882f1b (fixed version)"
  },
  "same_root_cause_confidence": "high",
  "same_surface_confidence": "high",
  "claimed_surface": "mDNS UDP service discovery",
  "validated_surface": "mDNS UDP service discovery (port 5353)",
  "required_entrypoint_kind": "network_api",
  "required_entrypoint_detail": "UDP mDNS queries (PTR type 12, TXT type 16, SRV type 33)",
  "attacker_controlled_input": "mDNS query service names and TXT record content via req->r->txt",
  "trigger_path": "handle_mdns_record() -> handle_mdns_query() -> build_txt_record() / build_srv_record() / build_a_record() / build_ptr_record()",
  "observed_impact_class": "stack_buffer_overflow",
  "exploitability_confidence": "medium",
  "evidence_scope": "dynamic_analysis",
  "runtime_manifest_present": false,
  "end_to_end_target_reached": true,
  "inferred": false,
  "file_path": "src/dns.c",
  "line_start": 395,
  "line_end": 540,
  "secondary_anchors": [
    {
      "file_path": "src/dns.c",
      "line_start": 386,
      "line_end": 392
    },
    {
      "file_path": "src/dns.c",
      "line_start": 365,
      "line_end": 380
    }
  ],
  "review_scope_paths": [
    "src/dns.c",
    "tutorials/udp/mdns-sd-server/"
  ],
  "artifact_refs": {
    "variant_manifest": "vuln_variant/variant_manifest.json",
    "validation_verdict": "vuln_variant/validation_verdict.json",
    "runtime_manifest": "vuln_variant/runtime_manifest.json",
    "repro_log": "logs/server_variant.log",
    "root_cause_equivalence": "vuln_variant/root_cause_equivalence.json",
    "reproducer": ["vuln_variant/reproduction_steps.sh"]
  }
}
