CVE-2020-25687medium
New! CVE Severity Now Using CVSS v3
The calculated severity for CVEs has been updated to use CVSS v3 by default. CVEs that do not have a CVSS v3 score will fall back CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.
Description
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
References
https://bugzilla.redhat.com/show_bug.cgi?id=1891568
https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html
https://security.gentoo.org/glsa/202101-17
Details
Source: MITRE
Published: 2021-01-20
Updated: 2021-03-26
Type: CWE-122
Risk Information
CVSS v2
Base Score: 7.1
Vector: AV:N/AC:M/Au:N/C:N/I:N/A:C
Impact Score: 6.9
Exploitability Score: 8.6
Severity: HIGH
CVSS v3
Base Score: 5.9
Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
Impact Score: 3.6
Exploitability Score: 2.2
Severity: MEDIUM
Vulnerable Software
Configuration 1
OR
Configuration 2
OR
Configuration 3
OR
Tenable Plugins
| ID | Name | Product | Family | Severity |
|---|---|---|---|---|
| 150612 | SUSE SLES11 Security Update : dnsmasq (SUSE-SU-2021:14603-1) | Nessus | SuSE Local Security Checks | high |
| 148783 | Fedora 32 : dnsmasq (2021-2e4c3d5a9d) | Nessus | Fedora Local Security Checks | high |
| 148613 | EulerOS Virtualization 2.9.1 : dnsmasq (EulerOS-SA-2021-1733) | Nessus | Huawei Local Security Checks | high |
| 148581 | EulerOS Virtualization 2.9.0 : dnsmasq (EulerOS-SA-2021-1758) | Nessus | Huawei Local Security Checks | high |
| 148050 | EulerOS 2.0 SP5 : dnsmasq (EulerOS-SA-2021-1673) | Nessus | Huawei Local Security Checks | high |
| 147960 | Debian DLA-2604-1 : dnsmasq security update | Nessus | Debian Local Security Checks | high |
| 147582 | EulerOS Virtualization for ARM 64 3.0.2.0 : dnsmasq (EulerOS-SA-2021-1389) | Nessus | Huawei Local Security Checks | high |
| 147517 | EulerOS Virtualization 3.0.6.6 : dnsmasq (EulerOS-SA-2021-1469) | Nessus | Huawei Local Security Checks | high |
| 147462 | EulerOS Virtualization 3.0.2.6 : dnsmasq (EulerOS-SA-2021-1411) | Nessus | Huawei Local Security Checks | high |
| 147341 | NewStart CGSL MAIN 6.02 : dnsmasq Multiple Vulnerabilities (NS-SA-2021-0091) | Nessus | NewStart CGSL Local Security Checks | high |
| 147133 | EulerOS Virtualization for ARM 64 3.0.6.0 : dnsmasq (EulerOS-SA-2021-1551) | Nessus | Huawei Local Security Checks | high |
| 146735 | EulerOS 2.0 SP3 : dnsmasq (EulerOS-SA-2021-1374) | Nessus | Huawei Local Security Checks | high |
| 146697 | EulerOS 2.0 SP2 : dnsmasq (EulerOS-SA-2021-1288) | Nessus | Huawei Local Security Checks | high |
| 146369 | Slackware 14.0 / 14.1 / 14.2 / current : dnsmasq (SSA:2021-040-01) | Nessus | Slackware Local Security Checks | high |
| 146242 | Debian DSA-4844-1 : dnsmasq - security update | Nessus | Debian Local Security Checks | high |
| 146224 | EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1263) | Nessus | Huawei Local Security Checks | high |
| 146218 | EulerOS 2.0 SP9 : dnsmasq (EulerOS-SA-2021-1244) | Nessus | Huawei Local Security Checks | high |
| 145737 | EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2021-1138) | Nessus | Huawei Local Security Checks | high |
| 145698 | CentOS 8 : dnsmasq (CESA-2021:0150) | Nessus | CentOS Local Security Checks | high |
| 145421 | Photon OS 2.0: Dnsmasq PHSA-2021-2.0-0312 | Nessus | PhotonOS Local Security Checks | high |
| 145420 | Photon OS 1.0: Dnsmasq PHSA-2021-1.0-0356 | Nessus | PhotonOS Local Security Checks | high |
| 145414 | Photon OS 3.0: Dnsmasq PHSA-2021-3.0-0186 | Nessus | PhotonOS Local Security Checks | high |
| 145356 | openSUSE Security Update : dnsmasq (openSUSE-2021-124) | Nessus | SuSE Local Security Checks | high |
| 145295 | openSUSE Security Update : dnsmasq (openSUSE-2021-129) | Nessus | SuSE Local Security Checks | high |
| 145282 | GLSA-202101-17 : Dnsmasq: Multiple vulnerabilities | Nessus | Gentoo Local Security Checks | high |
| 145241 | Fedora 33 : dnsmasq (2021-84440e87ba) | Nessus | Fedora Local Security Checks | high |
| 145236 | FreeBSD : dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities (5b5cf6e5-5b51-11eb-95ac-7f9491278677) | Nessus | FreeBSD Local Security Checks | high |
| 145199 | SUSE SLES15 Security Update : dnsmasq (SUSE-SU-2021:0162-1) | Nessus | SuSE Local Security Checks | high |
| 145175 | SUSE SLES12 Security Update : dnsmasq (SUSE-SU-2021:0166-1) | Nessus | SuSE Local Security Checks | high |
| 145108 | SUSE SLED15 / SLES15 Security Update : dnsmasq (SUSE-SU-2021:0163-1) | Nessus | SuSE Local Security Checks | high |
| 145088 | RHEL 8 : dnsmasq (RHSA-2021:0150) | Nessus | Red Hat Local Security Checks | high |
| 145086 | Oracle Linux 8 : dnsmasq (ELSA-2021-0150) | Nessus | Oracle Linux Local Security Checks | high |
| 145082 | RHEL 8 : dnsmasq (RHSA-2021:0152) | Nessus | Red Hat Local Security Checks | high |
| 145078 | Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS / 20.10 : Dnsmasq vulnerabilities (USN-4698-1) | Nessus | Ubuntu Local Security Checks | high |
| 145077 | RHEL 8 : dnsmasq (RHSA-2021:0151) | Nessus | Red Hat Local Security Checks | high |
| 145073 | dnsmasq < 2.83 Multiple Vulnerabilities (DNSPOOQ) | Nessus | DNS | high |