CVE-2020-25681

HIGH

Description

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1881875

https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/

https://lists.fedoraproject.org/archives/list/[email protected]/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/

https://security.gentoo.org/glsa/202101-17

https://www.debian.org/security/2021/dsa-4844

https://www.jsof-tech.com/disclosures/dnspooq/

Details

Source: MITRE

Published: 2021-01-20

Updated: 2021-03-26

Type: CWE-122

Risk Information

CVSS v2.0

Base Score: 8.3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C

Impact Score: 8.5

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Tenable Plugins

View all (35 total)

IDNameProductFamilySeverity
148783Fedora 32 : dnsmasq (2021-2e4c3d5a9d)NessusFedora Local Security Checks
high
148613EulerOS Virtualization 2.9.1 : dnsmasq (EulerOS-SA-2021-1733)NessusHuawei Local Security Checks
high
148581EulerOS Virtualization 2.9.0 : dnsmasq (EulerOS-SA-2021-1758)NessusHuawei Local Security Checks
high
148050EulerOS 2.0 SP5 : dnsmasq (EulerOS-SA-2021-1673)NessusHuawei Local Security Checks
high
147960Debian DLA-2604-1 : dnsmasq security updateNessusDebian Local Security Checks
high
147582EulerOS Virtualization for ARM 64 3.0.2.0 : dnsmasq (EulerOS-SA-2021-1389)NessusHuawei Local Security Checks
high
147517EulerOS Virtualization 3.0.6.6 : dnsmasq (EulerOS-SA-2021-1469)NessusHuawei Local Security Checks
high
147462EulerOS Virtualization 3.0.2.6 : dnsmasq (EulerOS-SA-2021-1411)NessusHuawei Local Security Checks
high
147341NewStart CGSL MAIN 6.02 : dnsmasq Multiple Vulnerabilities (NS-SA-2021-0091)NessusNewStart CGSL Local Security Checks
high
147133EulerOS Virtualization for ARM 64 3.0.6.0 : dnsmasq (EulerOS-SA-2021-1551)NessusHuawei Local Security Checks
high
146735EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2021-1374)NessusHuawei Local Security Checks
high
146697EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2021-1288)NessusHuawei Local Security Checks
high
146369Slackware 14.0 / 14.1 / 14.2 / current : dnsmasq (SSA:2021-040-01)NessusSlackware Local Security Checks
high
146242Debian DSA-4844-1 : dnsmasq - security updateNessusDebian Local Security Checks
high
146224EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1263)NessusHuawei Local Security Checks
high
146218EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1244)NessusHuawei Local Security Checks
high
145737EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2021-1138)NessusHuawei Local Security Checks
high
145698CentOS 8 : dnsmasq (CESA-2021:0150)NessusCentOS Local Security Checks
high
145421Photon OS 2.0: Dnsmasq PHSA-2021-2.0-0312NessusPhotonOS Local Security Checks
high
145420Photon OS 1.0: Dnsmasq PHSA-2021-1.0-0356NessusPhotonOS Local Security Checks
high
145414Photon OS 3.0: Dnsmasq PHSA-2021-3.0-0186NessusPhotonOS Local Security Checks
high
145356openSUSE Security Update : dnsmasq (openSUSE-2021-124)NessusSuSE Local Security Checks
high
145295openSUSE Security Update : dnsmasq (openSUSE-2021-129)NessusSuSE Local Security Checks
high
145282GLSA-202101-17 : Dnsmasq: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
145241Fedora 33 : dnsmasq (2021-84440e87ba)NessusFedora Local Security Checks
high
145236FreeBSD : dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities (5b5cf6e5-5b51-11eb-95ac-7f9491278677)NessusFreeBSD Local Security Checks
high
145199SUSE SLES15 Security Update : dnsmasq (SUSE-SU-2021:0162-1)NessusSuSE Local Security Checks
high
145175SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2021:0166-1)NessusSuSE Local Security Checks
high
145108SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2021:0163-1)NessusSuSE Local Security Checks
high
145088RHEL 8 : dnsmasq (RHSA-2021:0150)NessusRed Hat Local Security Checks
high
145086Oracle Linux 8 : dnsmasq (ELSA-2021-0150)NessusOracle Linux Local Security Checks
high
145082RHEL 8 : dnsmasq (RHSA-2021:0152)NessusRed Hat Local Security Checks
high
145078Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Dnsmasq vulnerabilities (USN-4698-1)NessusUbuntu Local Security Checks
high
145077RHEL 8 : dnsmasq (RHSA-2021:0151)NessusRed Hat Local Security Checks
high
145073dnsmasq < 2.83 Multiple Vulnerabilities (DNSPOOQ)NessusDNS
high