CVE-2020-25682

HIGH

Description

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References

https://bugzilla.redhat.com/show_bug.cgi?id=1882014

https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html

https://lists.fedoraproject.org/archives/list/[email protected]/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/

https://lists.fedoraproject.org/archives/list/[email protected]/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/

https://security.gentoo.org/glsa/202101-17

https://www.debian.org/security/2021/dsa-4844

https://www.jsof-tech.com/disclosures/dnspooq/

Details

Source: MITRE

Published: 2021-01-20

Updated: 2021-03-26

Type: CWE-122

Risk Information

CVSS v2.0

Base Score: 8.3

Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C

Impact Score: 8.5

Exploitability Score: 8.6

Severity: HIGH

CVSS v3.0

Base Score: 8.1

Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Impact Score: 5.9

Exploitability Score: 2.2

Severity: HIGH

Vulnerable Software

Configuration 1

OR

cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*

Configuration 2

OR

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3

OR

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*

cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Tenable Plugins

View all (34 total)

IDNameProductFamilySeverity
148613EulerOS : dnsmasq (EulerOS-SA-2021-1733)NessusHuawei Local Security Checks
high
148581EulerOS : dnsmasq (EulerOS-SA-2021-1758)NessusHuawei Local Security Checks
high
148050EulerOS 2.0 SP5 : dnsmasq (EulerOS-SA-2021-1673)NessusHuawei Local Security Checks
high
147960Debian DLA-2604-1 : dnsmasq security updateNessusDebian Local Security Checks
high
147582EulerOS Virtualization for ARM 64 3.0.2.0 : dnsmasq (EulerOS-SA-2021-1389)NessusHuawei Local Security Checks
high
147517EulerOS Virtualization 3.0.6.6 : dnsmasq (EulerOS-SA-2021-1469)NessusHuawei Local Security Checks
high
147462EulerOS Virtualization 3.0.2.6 : dnsmasq (EulerOS-SA-2021-1411)NessusHuawei Local Security Checks
high
147341NewStart CGSL MAIN 6.02 : dnsmasq Multiple Vulnerabilities (NS-SA-2021-0091)NessusNewStart CGSL Local Security Checks
high
147133EulerOS Virtualization for ARM 64 3.0.6.0 : dnsmasq (EulerOS-SA-2021-1551)NessusHuawei Local Security Checks
high
146735EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2021-1374)NessusHuawei Local Security Checks
high
146697EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2021-1288)NessusHuawei Local Security Checks
high
146369Slackware 14.0 / 14.1 / 14.2 / current : dnsmasq (SSA:2021-040-01)NessusSlackware Local Security Checks
high
146242Debian DSA-4844-1 : dnsmasq - security updateNessusDebian Local Security Checks
high
146224EulerOS : dnsmasq (EulerOS-SA-2021-1263)NessusHuawei Local Security Checks
high
146218EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1244)NessusHuawei Local Security Checks
high
145737EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2021-1138)NessusHuawei Local Security Checks
high
145698CentOS 8 : dnsmasq (CESA-2021:0150)NessusCentOS Local Security Checks
high
145421Photon OS 2.0: Dnsmasq PHSA-2021-2.0-0312NessusPhotonOS Local Security Checks
high
145420Photon OS 1.0: Dnsmasq PHSA-2021-1.0-0356NessusPhotonOS Local Security Checks
high
145414Photon OS 3.0: Dnsmasq PHSA-2021-3.0-0186NessusPhotonOS Local Security Checks
high
145356openSUSE Security Update : dnsmasq (openSUSE-2021-124)NessusSuSE Local Security Checks
high
145295openSUSE Security Update : dnsmasq (openSUSE-2021-129)NessusSuSE Local Security Checks
high
145282GLSA-202101-17 : Dnsmasq: Multiple vulnerabilitiesNessusGentoo Local Security Checks
high
145241Fedora 33 : dnsmasq (2021-84440e87ba)NessusFedora Local Security Checks
high
145236FreeBSD : dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities (5b5cf6e5-5b51-11eb-95ac-7f9491278677)NessusFreeBSD Local Security Checks
high
145199SUSE SLES15 Security Update : dnsmasq (SUSE-SU-2021:0162-1)NessusSuSE Local Security Checks
high
145175SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2021:0166-1)NessusSuSE Local Security Checks
high
145108SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2021:0163-1)NessusSuSE Local Security Checks
high
145088RHEL 8 : dnsmasq (RHSA-2021:0150)NessusRed Hat Local Security Checks
high
145086Oracle Linux 8 : dnsmasq (ELSA-2021-0150)NessusOracle Linux Local Security Checks
high
145082RHEL 8 : dnsmasq (RHSA-2021:0152)NessusRed Hat Local Security Checks
high
145078Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Dnsmasq vulnerabilities (USN-4698-1)NessusUbuntu Local Security Checks
high
145077RHEL 8 : dnsmasq (RHSA-2021:0151)NessusRed Hat Local Security Checks
high
145073dnsmasq < 2.83 Multiple Vulnerabilities (DNSPOOQ)NessusDNS
high