Action not permitted
Modal body text goes here.
Modal Title
Modal Body
CVE-2020-25682 (GCVE-0-2020-25682)
Vulnerability from cvelistv5 – Published: 2021-01-20 16:28 – Updated: 2025-11-04 19:12
VLAI?
EPSS
Summary
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity ?
No CVSS data available.
CWE
Assigner
References
7 references
| URL | Tags |
|---|---|
| https://www.jsof-tech.com/disclosures/dnspooq/ | x_refsource_MISC |
| https://bugzilla.redhat.com/show_bug.cgi?id=1882014 | x_refsource_MISC |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://security.gentoo.org/glsa/202101-17 | vendor-advisoryx_refsource_GENTOO |
| https://www.debian.org/security/2021/dsa-4844 | vendor-advisoryx_refsource_DEBIAN |
| https://lists.fedoraproject.org/archives/list/pac… | vendor-advisoryx_refsource_FEDORA |
| https://lists.debian.org/debian-lts-announce/2021… | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2025-11-04T19:12:09.915Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"name": "FEDORA-2021-84440e87ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"name": "GLSA-202101-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO",
"x_transferred"
],
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"name": "DSA-4844",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"name": "FEDORA-2021-2e4c3d5a9d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
},
{
"name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"url": "https://www.kb.cert.org/vuls/id/434904"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "dnsmasq",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "dnsmasq 2.83"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-122",
"description": "CWE-122",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2021-03-22T20:06:12.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"name": "FEDORA-2021-84440e87ba",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"name": "GLSA-202101-17",
"tags": [
"vendor-advisory",
"x_refsource_GENTOO"
],
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"name": "DSA-4844",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"name": "FEDORA-2021-2e4c3d5a9d",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
},
{
"name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dnsmasq",
"version": {
"version_data": [
{
"version_value": "dnsmasq 2.83"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jsof-tech.com/disclosures/dnspooq/",
"refsource": "MISC",
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"name": "FEDORA-2021-84440e87ba",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"name": "GLSA-202101-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"name": "DSA-4844",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"name": "FEDORA-2021-2e4c3d5a9d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
},
{
"name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2020-25682",
"datePublished": "2021-01-20T16:28:38.000Z",
"dateReserved": "2020-09-16T00:00:00.000Z",
"dateUpdated": "2025-11-04T19:12:09.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2020-25682",
"date": "2026-05-19",
"epss": "0.34287",
"percentile": "0.97046"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"2.83\", \"matchCriteriaId\": \"F38115DF-0F5C-442D-83D4-1125AAB4E2B7\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"36D96259-24BD-44E2-96D9-78CE1D41F956\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]}, {\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"DEECE5FC-CACF-4496-A3E7-164736409252\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\", \"matchCriteriaId\": \"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"}, {\"lang\": \"es\", \"value\": \"Se encontr\\u00f3 un fallo en dnsmasq versiones anteriores a 2.83.\u0026#xa0;Se detect\\u00f3 una vulnerabilidad de desbordamiento del b\\u00fafer en la manera en que dnsmasq extrae nombres de paquetes DNS antes de validarlos con datos DNSSEC.\u0026#xa0;Un atacante en la red, que puede crear respuestas DNS v\\u00e1lidas, podr\\u00eda usar este fallo para causar un desbordamiento de datos arbitrarios en una memoria asignada de la pila, posiblemente ejecutando c\\u00f3digo en la m\\u00e1quina. El fallo est\\u00e1 en la funci\\u00f3n rfc1035.c:extract_name(), que escribe datos en la memoria apuntada por el nombre asumiendo que los bytes MAXDNAME*2 est\\u00e1n disponibles en el b\\u00fafer.\u0026#xa0;Sin embargo, en algunas rutas de ejecuci\\u00f3n de c\\u00f3digo, es posible que la funci\\u00f3n extract_name() pasaba un desplazamiento del b\\u00fafer base, reduciendo as\\u00ed, en la pr\\u00e1ctica, el n\\u00famero de bytes disponibles que se pueden escribir en el b\\u00fafer.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\\u00ed como la disponibilidad del sistema\"}]",
"id": "CVE-2020-25682",
"lastModified": "2024-11-21T05:18:27.207",
"metrics": "{\"cvssMetricV31\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\", \"baseScore\": 8.1, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"HIGH\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"HIGH\", \"integrityImpact\": \"HIGH\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 2.2, \"impactScore\": 5.9}], \"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:M/Au:N/C:P/I:P/A:C\", \"baseScore\": 8.3, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"MEDIUM\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"PARTIAL\", \"integrityImpact\": \"PARTIAL\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 8.6, \"impactScore\": 8.5, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2021-01-20T17:15:12.920",
"references": "[{\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1882014\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/\", \"source\": \"secalert@redhat.com\"}, {\"url\": \"https://security.gentoo.org/glsa/202101-17\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4844\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.jsof-tech.com/disclosures/dnspooq/\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=1882014\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\"}, {\"url\": \"https://security.gentoo.org/glsa/202101-17\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.debian.org/security/2021/dsa-4844\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}, {\"url\": \"https://www.jsof-tech.com/disclosures/dnspooq/\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"secalert@redhat.com\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-122\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-787\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2020-25682\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2021-01-20T17:15:12.920\",\"lastModified\":\"2025-11-04T20:15:56.973\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.\"},{\"lang\":\"es\",\"value\":\"Se encontr\u00f3 un fallo en dnsmasq versiones anteriores a 2.83.\u0026#xa0;Se detect\u00f3 una vulnerabilidad de desbordamiento del b\u00fafer en la manera en que dnsmasq extrae nombres de paquetes DNS antes de validarlos con datos DNSSEC.\u0026#xa0;Un atacante en la red, que puede crear respuestas DNS v\u00e1lidas, podr\u00eda usar este fallo para causar un desbordamiento de datos arbitrarios en una memoria asignada de la pila, posiblemente ejecutando c\u00f3digo en la m\u00e1quina. El fallo est\u00e1 en la funci\u00f3n rfc1035.c:extract_name(), que escribe datos en la memoria apuntada por el nombre asumiendo que los bytes MAXDNAME*2 est\u00e1n disponibles en el b\u00fafer.\u0026#xa0;Sin embargo, en algunas rutas de ejecuci\u00f3n de c\u00f3digo, es posible que la funci\u00f3n extract_name() pasaba un desplazamiento del b\u00fafer base, reduciendo as\u00ed, en la pr\u00e1ctica, el n\u00famero de bytes disponibles que se pueden escribir en el b\u00fafer.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H\",\"baseScore\":8.1,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"HIGH\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"HIGH\",\"integrityImpact\":\"HIGH\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":2.2,\"impactScore\":5.9}],\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:M/Au:N/C:P/I:P/A:C\",\"baseScore\":8.3,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"MEDIUM\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"PARTIAL\",\"integrityImpact\":\"PARTIAL\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":8.6,\"impactScore\":8.5,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"secalert@redhat.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-122\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-787\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"2.83\",\"matchCriteriaId\":\"F38115DF-0F5C-442D-83D4-1125AAB4E2B7\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"36D96259-24BD-44E2-96D9-78CE1D41F956\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"E460AA51-FCDA-46B9-AE97-E6676AA5E194\"}]}]},{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"DEECE5FC-CACF-4496-A3E7-164736409252\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*\",\"matchCriteriaId\":\"07B237A9-69A3-4A9C-9DA0-4E06BD37AE73\"}]}]}],\"references\":[{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1882014\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/\",\"source\":\"secalert@redhat.com\"},{\"url\":\"https://security.gentoo.org/glsa/202101-17\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4844\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.jsof-tech.com/disclosures/dnspooq/\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=1882014\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"},{\"url\":\"https://security.gentoo.org/glsa/202101-17\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.debian.org/security/2021/dsa-4844\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.jsof-tech.com/disclosures/dnspooq/\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Third Party Advisory\"]},{\"url\":\"https://www.kb.cert.org/vuls/id/434904\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\"}]}}"
}
}
CERTFR-2022-AVI-007
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | N/A | EDR-G903 microgiciel versions 5.6 et antérieures | ||
| Moxa | N/A | AWK-1137C microgiciel versions 1.6 et antérieures | ||
| Moxa | N/A | EDR-810 microgiciel versions 5.8 et antérieures | ||
| Moxa | N/A | AWK-4131A microgiciel versions 1.16 et antérieures | ||
| Moxa | N/A | EDR-G902 microgiciel versions 5.6 et antérieures | ||
| Moxa | N/A | AWK-3131A microgiciel versions 1.16 et antérieures | ||
| Moxa | N/A | AWK-1131A microgiciel versions 1.22 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EDR-G903 microgiciel versions 5.6 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AWK-1137C microgiciel versions 1.6 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDR-810 microgiciel versions 5.8 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AWK-4131A microgiciel versions 1.16 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDR-G902 microgiciel versions 5.6 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AWK-3131A microgiciel versions 1.16 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AWK-1131A microgiciel versions 1.22 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-25685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25685"
},
{
"name": "CVE-2020-25683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25683"
},
{
"name": "CVE-2020-25682",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25682"
},
{
"name": "CVE-2020-25684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25684"
},
{
"name": "CVE-2020-25687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25687"
},
{
"name": "CVE-2020-25686",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25686"
},
{
"name": "CVE-2020-25681",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25681"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-007",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa du 06 janvier 2022",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/vulnerabilities-in-dnsmasq-affecting-awk-3131a-4131a-1137c-1131a-series"
}
]
}
CERTFR-2022-AVI-007
Vulnerability from certfr_avis - Published: - Updated:
De multiples vulnérabilités ont été découvertes dans les produits Moxa. Elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, un déni de service à distance et une atteinte à l'intégrité des données.
Solution
Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).
NoneImpacted products
| Vendor | Product | Description | ||
|---|---|---|---|---|
| Moxa | N/A | EDR-G903 microgiciel versions 5.6 et antérieures | ||
| Moxa | N/A | AWK-1137C microgiciel versions 1.6 et antérieures | ||
| Moxa | N/A | EDR-810 microgiciel versions 5.8 et antérieures | ||
| Moxa | N/A | AWK-4131A microgiciel versions 1.16 et antérieures | ||
| Moxa | N/A | EDR-G902 microgiciel versions 5.6 et antérieures | ||
| Moxa | N/A | AWK-3131A microgiciel versions 1.16 et antérieures | ||
| Moxa | N/A | AWK-1131A microgiciel versions 1.22 et antérieures |
References
| Title | Publication Time | Tags | |||
|---|---|---|---|---|---|
|
|||||
{
"$ref": "https://www.cert.ssi.gouv.fr/openapi.json",
"affected_systems": [
{
"description": "EDR-G903 microgiciel versions 5.6 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AWK-1137C microgiciel versions 1.6 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDR-810 microgiciel versions 5.8 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AWK-4131A microgiciel versions 1.16 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "EDR-G902 microgiciel versions 5.6 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AWK-3131A microgiciel versions 1.16 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
},
{
"description": "AWK-1131A microgiciel versions 1.22 et ant\u00e9rieures",
"product": {
"name": "N/A",
"vendor": {
"name": "Moxa",
"scada": true
}
}
}
],
"affected_systems_content": null,
"content": "## Solution\n\nSe r\u00e9f\u00e9rer au bulletin de s\u00e9curit\u00e9 de l\u0027\u00e9diteur pour l\u0027obtention des\ncorrectifs (cf. section Documentation).\n",
"cves": [
{
"name": "CVE-2020-25685",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25685"
},
{
"name": "CVE-2020-25683",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25683"
},
{
"name": "CVE-2020-25682",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25682"
},
{
"name": "CVE-2020-25684",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25684"
},
{
"name": "CVE-2020-25687",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25687"
},
{
"name": "CVE-2020-25686",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25686"
},
{
"name": "CVE-2020-25681",
"url": "https://www.cve.org/CVERecord?id=CVE-2020-25681"
}
],
"links": [],
"reference": "CERTFR-2022-AVI-007",
"revisions": [
{
"description": "Version initiale",
"revision_date": "2022-01-06T00:00:00.000000"
}
],
"risks": [
{
"description": "D\u00e9ni de service \u00e0 distance"
},
{
"description": "Ex\u00e9cution de code arbitraire \u00e0 distance"
},
{
"description": "Atteinte \u00e0 l\u0027int\u00e9grit\u00e9 des donn\u00e9es"
}
],
"summary": "De multiples vuln\u00e9rabilit\u00e9s ont \u00e9t\u00e9 d\u00e9couvertes dans les produits Moxa.\nElles permettent \u00e0 un attaquant de provoquer une ex\u00e9cution de code\narbitraire \u00e0 distance, un d\u00e9ni de service \u00e0 distance et une atteinte \u00e0\nl\u0027int\u00e9grit\u00e9 des donn\u00e9es.\n",
"title": "Multiples vuln\u00e9rabilit\u00e9s dans les produits Moxa",
"vendor_advisories": [
{
"published_at": null,
"title": "Bulletin de s\u00e9curit\u00e9 Moxa du 06 janvier 2022",
"url": "https://www.moxa.com/en/support/product-support/security-advisory/vulnerabilities-in-dnsmasq-affecting-awk-3131a-4131a-1137c-1131a-series"
}
]
}
BDU:2021-01118
Vulnerability from fstec - Published: 20.01.2021
VLAI Severity ?
Title
Уязвимость функции extract_name() (rfc1035.c) DNS-сервера dnsmasq, связанная с переполнением буфера в динамической памяти, позволяющая нарушителю выполнить произвольный код
Description
Уязвимость функции extract_name() (rfc1035.c) DNS-сервера dnsmasq связана с переполнением буфера в динамической памяти. Эксплуатация уязвимости может позволить нарушителю, действующему удаленно, выполнить произвольный код
Severity ?
Vendor
Сообщество свободного программного обеспечения, ООО «РусБИТех-Астра», Fedora Project, Red Hat Inc., Simon Kelley, АО «ИВК», АО "НППКТ", АО «НТЦ ИТ РОСА», АО «Концерн ВНИИНС»
Software Name
Debian GNU/Linux, Astra Linux Special Edition (запись в едином реестре российских программ №369), Astra Linux Common Edition (запись в едином реестре российских программ №4433), Astra Linux Special Edition для «Эльбрус» (запись в едином реестре российских программ №11156), Fedora, OpenShift Container Platform, Red Hat Enterprise Linux, Dnsmasq, Альт 8 СП (запись в едином реестре российских программ №4305), ОСОН ОСнова Оnyx (запись в едином реестре российских программ №5913), ROSA Virtualization (запись в едином реестре российских программ №5091), ОС ОН «Стрелец» (запись в едином реестре российских программ №6177), ROSA Virtualization 3.0 (запись в едином реестре российских программ №21308)
Software Version
9 (Debian GNU/Linux), 1.6 «Смоленск» (Astra Linux Special Edition), 2.12 «Орёл» (Astra Linux Common Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 «Ленинград» (Astra Linux Special Edition для «Эльбрус»), 32 (Fedora), 4.4 (OpenShift Container Platform), 8.1 Extended Update Support (Red Hat Enterprise Linux), 33 (Fedora), 4.5 (OpenShift Container Platform), 8.2 Extended Update Support (Red Hat Enterprise Linux), 4.6 (OpenShift Container Platform), до 2.83 (Dnsmasq), - (Альт 8 СП), до 2.1 (ОСОН ОСнова Оnyx), 2.1 (ROSA Virtualization), до 16.01.2023 (ОС ОН «Стрелец»), 3.0 (ROSA Virtualization 3.0)
Possible Mitigations
Использование рекомендаций:
Для dnsmasq:
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
Для Fedora:
ttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/
Для программных продуктов Red Hat Inc.:
https://access.redhat.com/security/cve/cve-2020-25682
Для Debian:
https://security-tracker.debian.org/tracker/CVE-2020-25682
Для Astra Linux:
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16
https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
Для ОСОН Основа:
Обновление программного обеспечения dnsmasq до версии 2.80-1+deb10u1
Для ОС ОН «Стрелец»:
Обновление программного обеспечения dnsmasq до версии 2.76-5+deb9u3
Для ОС Альт 8 СП: установка обновления из публичного репозитория программного средства
Для программной системы управления средой виртуализации с подсистемой безагентного резервного копирования виртуальных машин «ROSA Virtualization 3.0»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2691
Для системы управления средой виртуализации «ROSA Virtualization»: https://abf.rosa.ru/advisories/ROSA-SA-2025-2839
Reference
https://access.redhat.com/security/cve/cve-2020-25682
https://bugzilla.redhat.com/show_bug.cgi?id=1882014
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/
https://nvd.nist.gov/vuln/detail/CVE-2020-25682
https://security-tracker.debian.org/tracker/CVE-2020-25682
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
https://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16
https://www.debian.org/security/2021/dsa-4844
ttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/
https://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144
https://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81
https://поддержка.нппкт.рф/bin/view/ОСнова/Обновления/2.1/
https://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023
https://altsp.su/obnovleniya-bezopasnosti/
https://abf.rosa.ru/advisories/ROSA-SA-2025-2691
https://abf.rosa.ru/advisories/ROSA-SA-2025-2839
CWE
CWE-122, CWE-787
{
"CVSS 2.0": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"CVSS 3.0": "AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"CVSS 4.0": null,
"remediation_\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": null,
"remediation_\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435": null,
"\u0412\u0435\u043d\u0434\u043e\u0440 \u041f\u041e": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f, \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb, Fedora Project, Red Hat Inc., Simon Kelley, \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb, \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\", \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb, \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb",
"\u0412\u0435\u0440\u0441\u0438\u044f \u041f\u041e": "9 (Debian GNU/Linux), 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (Astra Linux Special Edition), 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (Astra Linux Common Edition), 8 (Debian GNU/Linux), 10 (Debian GNU/Linux), 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb), 32 (Fedora), 4.4 (OpenShift Container Platform), 8.1 Extended Update Support (Red Hat Enterprise Linux), 33 (Fedora), 4.5 (OpenShift Container Platform), 8.2 Extended Update Support (Red Hat Enterprise Linux), 4.6 (OpenShift Container Platform), \u0434\u043e 2.83 (Dnsmasq), - (\u0410\u043b\u044c\u0442 8 \u0421\u041f), \u0434\u043e 2.1 (\u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx), 2.1 (ROSA Virtualization), \u0434\u043e 16.01.2023 (\u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb), 3.0 (ROSA Virtualization 3.0)",
"\u0412\u043e\u0437\u043c\u043e\u0436\u043d\u044b\u0435 \u043c\u0435\u0440\u044b \u043f\u043e \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044e": "\u0418\u0441\u043f\u043e\u043b\u044c\u0437\u043e\u0432\u0430\u043d\u0438\u0435 \u0440\u0435\u043a\u043e\u043c\u0435\u043d\u0434\u0430\u0446\u0438\u0439:\n\u0414\u043b\u044f dnsmasq:\nhttps://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a\n\n\u0414\u043b\u044f Fedora:\nttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/ \nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u044b\u0445 \u043f\u0440\u043e\u0434\u0443\u043a\u0442\u043e\u0432 Red Hat Inc.:\nhttps://access.redhat.com/security/cve/cve-2020-25682\n\n\u0414\u043b\u044f Debian:\nhttps://security-tracker.debian.org/tracker/CVE-2020-25682\n\n\u0414\u043b\u044f Astra Linux:\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210730SE16\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\n\n\u0414\u043b\u044f \u041e\u0421\u041e\u041d \u041e\u0441\u043d\u043e\u0432\u0430:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f dnsmasq \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.80-1+deb10u1\n\n\u0414\u043b\u044f \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb:\n\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f dnsmasq \u0434\u043e \u0432\u0435\u0440\u0441\u0438\u0438 2.76-5+deb9u3\n\n\u0414\u043b\u044f \u041e\u0421 \u0410\u043b\u044c\u0442 8 \u0421\u041f: \u0443\u0441\u0442\u0430\u043d\u043e\u0432\u043a\u0430 \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f \u0438\u0437 \u043f\u0443\u0431\u043b\u0438\u0447\u043d\u043e\u0433\u043e \u0440\u0435\u043f\u043e\u0437\u0438\u0442\u043e\u0440\u0438\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u0430\n\n\u0414\u043b\u044f \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0439 \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u0441 \u043f\u043e\u0434\u0441\u0438\u0441\u0442\u0435\u043c\u043e\u0439 \u0431\u0435\u0437\u0430\u0433\u0435\u043d\u0442\u043d\u043e\u0433\u043e \u0440\u0435\u0437\u0435\u0440\u0432\u043d\u043e\u0433\u043e \u043a\u043e\u043f\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u044f \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u044c\u043d\u044b\u0445 \u043c\u0430\u0448\u0438\u043d \u00abROSA Virtualization 3.0\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2691\n\n\u0414\u043b\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u044b \u0443\u043f\u0440\u0430\u0432\u043b\u0435\u043d\u0438\u044f \u0441\u0440\u0435\u0434\u043e\u0439 \u0432\u0438\u0440\u0442\u0443\u0430\u043b\u0438\u0437\u0430\u0446\u0438\u0438 \u00abROSA Virtualization\u00bb: https://abf.rosa.ru/advisories/ROSA-SA-2025-2839",
"\u0414\u0430\u0442\u0430 \u0432\u044b\u044f\u0432\u043b\u0435\u043d\u0438\u044f": "20.01.2021",
"\u0414\u0430\u0442\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0435\u0433\u043e \u043e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f": "19.08.2025",
"\u0414\u0430\u0442\u0430 \u043f\u0443\u0431\u043b\u0438\u043a\u0430\u0446\u0438\u0438": "03.03.2021",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440": "BDU:2021-01118",
"\u0418\u0434\u0435\u043d\u0442\u0438\u0444\u0438\u043a\u0430\u0442\u043e\u0440\u044b \u0434\u0440\u0443\u0433\u0438\u0445 \u0441\u0438\u0441\u0442\u0435\u043c \u043e\u043f\u0438\u0441\u0430\u043d\u0438\u0439 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "CVE-2020-25682",
"\u0418\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f \u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0430",
"\u041a\u043b\u0430\u0441\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u043a\u043e\u0434\u0430",
"\u041d\u0430\u0437\u0432\u0430\u043d\u0438\u0435 \u041f\u041e": "Debian GNU/Linux, Astra Linux Special Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), Astra Linux Common Edition (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora, OpenShift Container Platform, Red Hat Enterprise Linux, Dnsmasq, \u0410\u043b\u044c\u0442 8 \u0421\u041f (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), ROSA Virtualization (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), ROSA Virtualization 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u041e\u0421 \u0438 \u0442\u0438\u043f \u0430\u043f\u043f\u0430\u0440\u0430\u0442\u043d\u043e\u0439 \u043f\u043b\u0430\u0442\u0444\u043e\u0440\u043c\u044b": "\u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 9 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition 1.6 \u00ab\u0421\u043c\u043e\u043b\u0435\u043d\u0441\u043a\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u2116369), \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Common Edition 2.12 \u00ab\u041e\u0440\u0451\u043b\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164433), \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 8 , \u0421\u043e\u043e\u0431\u0449\u0435\u0441\u0442\u0432\u043e \u0441\u0432\u043e\u0431\u043e\u0434\u043d\u043e\u0433\u043e \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f Debian GNU/Linux 10 , \u041e\u041e\u041e \u00ab\u0420\u0443\u0441\u0411\u0418\u0422\u0435\u0445-\u0410\u0441\u0442\u0440\u0430\u00bb Astra Linux Special Edition \u0434\u043b\u044f \u00ab\u042d\u043b\u044c\u0431\u0440\u0443\u0441\u00bb 8.1 \u00ab\u041b\u0435\u043d\u0438\u043d\u0433\u0440\u0430\u0434\u00bb (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211611156), Fedora Project Fedora 32 , Red Hat Inc. Red Hat Enterprise Linux 8.1 Extended Update Support , Fedora Project Fedora 33 , Red Hat Inc. Red Hat Enterprise Linux 8.2 Extended Update Support , \u0410\u041e \u00ab\u0418\u0412\u041a\u00bb \u0410\u043b\u044c\u0442 8 \u0421\u041f - (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21164305), \u0410\u041e \"\u041d\u041f\u041f\u041a\u0422\" \u041e\u0421\u041e\u041d \u041e\u0421\u043d\u043e\u0432\u0430 \u041enyx \u0434\u043e 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165913), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 2.1 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21165091), \u0410\u041e \u00ab\u041a\u043e\u043d\u0446\u0435\u0440\u043d \u0412\u041d\u0418\u0418\u041d\u0421\u00bb \u041e\u0421 \u041e\u041d \u00ab\u0421\u0442\u0440\u0435\u043b\u0435\u0446\u00bb \u0434\u043e 16.01.2023 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u21166177), \u0410\u041e \u00ab\u041d\u0422\u0426 \u0418\u0422 \u0420\u041e\u0421\u0410\u00bb ROSA Virtualization 3.0 3.0 (\u0437\u0430\u043f\u0438\u0441\u044c \u0432 \u0435\u0434\u0438\u043d\u043e\u043c \u0440\u0435\u0435\u0441\u0442\u0440\u0435 \u0440\u043e\u0441\u0441\u0438\u0439\u0441\u043a\u0438\u0445 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c \u211621308)",
"\u041d\u0430\u0438\u043c\u0435\u043d\u043e\u0432\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 extract_name() (rfc1035.c) DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 dnsmasq, \u0441\u0432\u044f\u0437\u0430\u043d\u043d\u0430\u044f \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438, \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u044e\u0449\u0430\u044f \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041d\u0430\u043b\u0438\u0447\u0438\u0435 \u044d\u043a\u0441\u043f\u043b\u043e\u0439\u0442\u0430": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "\u041f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435 \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438 (CWE-122), \u0417\u0430\u043f\u0438\u0441\u044c \u0437\u0430 \u0433\u0440\u0430\u043d\u0438\u0446\u0430\u043c\u0438 \u0431\u0443\u0444\u0435\u0440\u0430 (CWE-787)",
"\u041e\u043f\u0438\u0441\u0430\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0423\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u044c \u0444\u0443\u043d\u043a\u0446\u0438\u0438 extract_name() (rfc1035.c) DNS-\u0441\u0435\u0440\u0432\u0435\u0440\u0430 dnsmasq \u0441\u0432\u044f\u0437\u0430\u043d\u0430 \u0441 \u043f\u0435\u0440\u0435\u043f\u043e\u043b\u043d\u0435\u043d\u0438\u0435\u043c \u0431\u0443\u0444\u0435\u0440\u0430 \u0432 \u0434\u0438\u043d\u0430\u043c\u0438\u0447\u0435\u0441\u043a\u043e\u0439 \u043f\u0430\u043c\u044f\u0442\u0438. \u042d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u044f \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438 \u043c\u043e\u0436\u0435\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u0438\u0442\u044c \u043d\u0430\u0440\u0443\u0448\u0438\u0442\u0435\u043b\u044e, \u0434\u0435\u0439\u0441\u0442\u0432\u0443\u044e\u0449\u0435\u043c\u0443 \u0443\u0434\u0430\u043b\u0435\u043d\u043d\u043e, \u0432\u044b\u043f\u043e\u043b\u043d\u0438\u0442\u044c \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u043b\u044c\u043d\u044b\u0439 \u043a\u043e\u0434",
"\u041f\u043e\u0441\u043b\u0435\u0434\u0441\u0442\u0432\u0438\u044f \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": null,
"\u041f\u0440\u043e\u0447\u0430\u044f \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u044f": null,
"\u0421\u0432\u044f\u0437\u044c \u0441 \u0438\u043d\u0446\u0438\u0434\u0435\u043d\u0442\u0430\u043c\u0438 \u0418\u0411": "\u0414\u0430\u043d\u043d\u044b\u0435 \u0443\u0442\u043e\u0447\u043d\u044f\u044e\u0442\u0441\u044f",
"\u0421\u043e\u0441\u0442\u043e\u044f\u043d\u0438\u0435 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041e\u043f\u0443\u0431\u043b\u0438\u043a\u043e\u0432\u0430\u043d\u0430",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u0443\u0441\u0442\u0440\u0430\u043d\u0435\u043d\u0438\u044f": "\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0433\u043e \u043e\u0431\u0435\u0441\u043f\u0435\u0447\u0435\u043d\u0438\u044f",
"\u0421\u043f\u043e\u0441\u043e\u0431 \u044d\u043a\u0441\u043f\u043b\u0443\u0430\u0442\u0430\u0446\u0438\u0438": "\u041c\u0430\u043d\u0438\u043f\u0443\u043b\u0438\u0440\u043e\u0432\u0430\u043d\u0438\u0435 \u0441\u0442\u0440\u0443\u043a\u0442\u0443\u0440\u0430\u043c\u0438 \u0434\u0430\u043d\u043d\u044b\u0445",
"\u0421\u0441\u044b\u043b\u043a\u0438 \u043d\u0430 \u0438\u0441\u0442\u043e\u0447\u043d\u0438\u043a\u0438": "https://access.redhat.com/security/cve/cve-2020-25682\nhttps://bugzilla.redhat.com/show_bug.cgi?id=1882014\nhttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25682\nhttps://security-tracker.debian.org/tracker/CVE-2020-25682\nhttps://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a\nhttps://wiki.astralinux.ru/astra-linux-se16-bulletin-20210611SE16\nhttps://www.debian.org/security/2021/dsa-4844\nttps://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/\nhttps://wiki.astralinux.ru/pages/viewpage.action?pageId=47416144\nhttps://wiki.astralinux.ru/astra-linux-se81-bulletin-20211019SE81\nhttps://\u043f\u043e\u0434\u0434\u0435\u0440\u0436\u043a\u0430.\u043d\u043f\u043f\u043a\u0442.\u0440\u0444/bin/view/\u041e\u0421\u043d\u043e\u0432\u0430/\u041e\u0431\u043d\u043e\u0432\u043b\u0435\u043d\u0438\u044f/2.1/\nhttps://strelets.net/patchi-i-obnovleniya-bezopasnosti#16012023\nhttps://altsp.su/obnovleniya-bezopasnosti/\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2691\nhttps://abf.rosa.ru/advisories/ROSA-SA-2025-2839",
"\u0421\u0442\u0430\u0442\u0443\u0441 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u041f\u043e\u0434\u0442\u0432\u0435\u0440\u0436\u0434\u0435\u043d\u0430 \u043f\u0440\u043e\u0438\u0437\u0432\u043e\u0434\u0438\u0442\u0435\u043b\u0435\u043c",
"\u0422\u0438\u043f \u041f\u041e": "\u041e\u043f\u0435\u0440\u0430\u0446\u0438\u043e\u043d\u043d\u0430\u044f \u0441\u0438\u0441\u0442\u0435\u043c\u0430, \u041f\u0440\u0438\u043a\u043b\u0430\u0434\u043d\u043e\u0435 \u041f\u041e \u0438\u043d\u0444\u043e\u0440\u043c\u0430\u0446\u0438\u043e\u043d\u043d\u044b\u0445 \u0441\u0438\u0441\u0442\u0435\u043c, \u0421\u0435\u0442\u0435\u0432\u043e\u0435 \u043f\u0440\u043e\u0433\u0440\u0430\u043c\u043c\u043d\u043e\u0435 \u0441\u0440\u0435\u0434\u0441\u0442\u0432\u043e",
"\u0422\u0438\u043f \u043e\u0448\u0438\u0431\u043a\u0438 CWE": "CWE-122, CWE-787",
"\u0423\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 \u0443\u044f\u0437\u0432\u0438\u043c\u043e\u0441\u0442\u0438": "\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 2.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 7,6)\n\u0412\u044b\u0441\u043e\u043a\u0438\u0439 \u0443\u0440\u043e\u0432\u0435\u043d\u044c \u043e\u043f\u0430\u0441\u043d\u043e\u0441\u0442\u0438 (\u0431\u0430\u0437\u043e\u0432\u0430\u044f \u043e\u0446\u0435\u043d\u043a\u0430 CVSS 3.0 \u0441\u043e\u0441\u0442\u0430\u0432\u043b\u044f\u0435\u0442 8,1)"
}
CISCO-SA-DNSMASQ-DNS-2021-C5MRDF3G
Vulnerability from csaf_cisco - Published: 2021-01-19 12:15 - Updated: 2021-08-30 17:24Summary
Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021
Notes
Summary: A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq.
Exploitation of these vulnerabilities could result in remote code execution or denial of service (DoS), or may allow an attacker to more easily forge DNS answers that can poison DNS caches, depending on the specific vulnerability.
Multiple Cisco products are affected by these vulnerabilities.
Cisco will release software updates that address these vulnerabilities. Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products ["#vp"] section of this advisory.
Note: At the time of publication, no Cisco products were found to be affected by the remote code execution and DoS vulnerabilities, which are identified by the following Common Vulnerabilities and Exposures (CVE) IDs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
Affected Products: Cisco investigated its product line to determine which products may be affected by these vulnerabilities.
The Vulnerable Products ["#vp"] section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool ["https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID"] and contain additional platform-specific information, including workarounds (if available) and fixed software releases.
Any product or service not listed in Vulnerable Products ["#vp"] section of this advisory is to be considered not vulnerable.
Vulnerable Products: For information about which Cisco software releases are vulnerable, see the Fixed Software ["#fs"] section of this advisory.
At the time of this investigation, no Cisco products have been found to be affected by the remote code execution and DoS vulnerabilities.
Multiple Cisco products have been found to be susceptible to DNS cache poisoning attacks. The following table lists Cisco products that have been found to be susceptible to DNS cache poisoning attacks.
If a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.
Product Cisco Bug ID Fixed Release Availability Network Management and Provisioning Cisco Aironet 1560 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1810 Series OfficeExtend Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1810w Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1815 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1830 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 1850 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 2800 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 3800 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Aironet 4800 Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
8.5.171.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Business 100 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] 10.4.1.0 (Mar 2021) Cisco Business 200 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] 10.4.1.0 (Mar 2021) Cisco Catalyst 9100 Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Catalyst IW6300 Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco ESW6300 Series Access Points CSCvv83754 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"] Wireless LAN Controller:
8.10.151.0
Catalyst 9800 Wireless Controller:
16.12.5
17.3.3
17.5.1 (Mar 2021) Cisco Policy Suite CSCvv83241 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83241"] 21.1.0 Routing and Switching - Enterprise and Service Provider Cisco 1000 Series Connected Grid Routers (CGR1000 compute module) CSCvv84554 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84554"] 15.9(3)M4 (Jul 2021) Cisco IR800 Integrated Services Router (Guest OS) CSCvv84553 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84553"] 15.9(3)M4 (Jul 2021) Cisco Wireless Gateway for LoRaWAN CSCvw00914 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00914"] 2.1.0.3 (Mar 2021) Meraki Products Cisco Meraki MR (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MS (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MV (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MX (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki Z-Series (all models) N/A Release no. TBD (Aug 2021) Routing and Switching - Small Business Cisco RV042 Dual WAN VPN Router CSCvv83789 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789"] None planned Cisco RV042G Dual Gigabit WAN VPN Router CSCvv83789 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789"] None planned Cisco RV160x VPN Router CSCvv83787 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83787"] 1.0.02.x (Mar 2021) Cisco RV260x VPN Router CSCvv83788 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83788"] 1.0.02.x (Mar 2021) Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router CSCvv83239 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83239"] 1.0.04.x (Mar 2021) Cisco Small Business RV Series RV110W Wireless-N VPN Firewall CSCvv83235 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83235"] None planned Cisco Small Business RV Series RV215W Wireless-N VPN Router CSCvv83237 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83237"] None planned Cisco Small Business RV Series RV320 Dual Gigabit WAN VPN Router CSCvv83238 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83238"] None planned Cisco Small Business RV Series RV325 Dual WAN VPN Router CSCvv83816 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83816"] None planned Cisco Small Business RV130 Series VPN Routers CSCvv83791 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83791"] None planned Cisco Small Business RV130 VPN Router CSCvv83236 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83236"] None planned Unified Computing Cisco Enterprise NFV Infrastructure Software (NFVIS) CSCvw00975 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00975"] 4.5 (Mar 2021) Voice and Unified Communications Devices Cisco IP Conference Phone 7832 CSCvv83246 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83246"] 14.0 (Mar 2021) Cisco IP Conference Phone 8832 CSCvv83250 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83250"] 14.0 (Mar 2021) Cisco IP Phone 6800 Series with Multiplatform Firmware CSCvv83248 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83248"] 11.3.4 (Jun 2021) Cisco IP Phone 6821 with Multiplatform Firmware CSCvw00982 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00982"] 11.3.4 (Jun 2021) Cisco IP Phone 7800 Series with Multiplatform Firmware CSCvv83243 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83243"] 11.3.4 (Jun 2021) Cisco IP Phone 7800 Series CSCvv83249 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83249"] 14.0 (Mar 2021) Cisco IP Phone 8800 Series with Multiplatform Firmware CSCvv83242 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242"] 11.3.4 (Jun 2021) Cisco IP Phone 8800 Series CSCvv83242 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242"] 14.0 (Mar 2021) Cisco IP Phone 8865 CSCvv83245 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83245"] 14.0 (Mar 2021) Cisco SPA112 2-Port Phone Adapter CSCvv83234 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234"] None planned Cisco SPA122 Analog Telephone Adapter (ATA) with Router CSCvv83234 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234"] None planned Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) CSCvv83234 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234"] None planned Cisco Unified IP Phone 9951 CSCvv83247 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247"]
None planned Cisco Unified IP Phone 9971 CSCvv83247 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247"]
None planned Cisco Wireless IP Phone 8821 CSCvw00918 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00918"] 11.0(6)SR1 (Apr 2021) Video, Streaming, TelePresence, and Transcoding Devices Cisco Expressway Series CSCvv83227 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227"] X12.7.1 Cisco TelePresence Video Communication Server (VCS) CSCvv83227 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227"] X12.7.1 Cisco Cloud Hosted Services Cisco IP Phone 6800 Series CSCvw01205 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw01205"] 11.3.4 (Jun 2021) Cisco Spark Calling CSCvw00907 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00907"] X12.7.1 (Feb 2021) Cisco Webex Teams (formerly Cisco Spark) CSCvv83214 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83214"] None planned Cisco Webex Room Phone CSCvv87082 ["https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv87082"] 1.2(0)SR1 (Aug 2021)
Products Confirmed Not Vulnerable: Only products listed in the Vulnerable Products ["#vp"] section of this advisory are known to be affected by these vulnerabilities.
Cisco products that do not offer DNS server capabilities are not affected by these vulnerabilities. Cisco has also confirmed that Cisco IOS XE Software is not affected by any of these vulnerabilities.
At the time of publication, no Cisco products were found to be affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
Details: Remote Code Execution and Denial of Service Vulnerabilities
Multiple vulnerabilities in the DNSSEC implementation of dnsmasq could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.
The vulnerabilities are due to improper memory management when the affected software processes DNS packets with DNSSEC data. An attacker could exploit these vulnerabilities by sending malicious DNS packets to be processed by the affected device.
When these packets are processed, an exploitable overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the underlying dnsmasq software or cause DoS condition on the affected device.
These vulnerabilities affect dnsmasq installations that match all of the following criteria:
Include a vulnerable release of dnsmasq
Capable of acting as a DNS server
Capable of validating DNSSEC data
These vulnerabilities have been assigned the following CVE IDs:
CVE-2020-25681
CVE-2020-25682
CVE-2020-25683
CVE-2020-25687
At the time of this investigation, no Cisco products have been found to be affected by these vulnerabilities.
DNS Cache Poisoning Attacks
Multiple weaknesses in the DNS server functionality of dnsmasq could allow an unauthenticated, remote attacker to more easily forge DNS answers that can poison DNS caches.
Each weakness results in dnsmasq accepting DNS answers based on checks that are performed on an amount of entropy that is lower than what is mandated by RFC 5452. The combination of these weaknesses would allow an attacker to mount a successful DNS cache poisoning attack with low traffic requirements.
These weaknesses affect dnsmasq installations that match all of the following criteria:
Include a vulnerable release of dnsmasq
Capable of acting as a DNS server
Capable of caching DNS responses
These weaknesses have been assigned the following CVE IDs:
CVE-2020-25684
CVE-2020-25685
CVE-2020-25686
Multiple Cisco products have been found to be susceptible to DNS cache poisoning attacks.
Workarounds: Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products ["#vp"] section of this advisory.
Fixed Software: For information about fixed software releases ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], consult the Cisco bugs identified in the Vulnerable Products ["https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g#vp"] section of this advisory.
When considering software upgrades ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page ["https://www.cisco.com/go/psirt"], to determine exposure and a complete upgrade solution.
In all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.
Vulnerability Policy: To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy ["https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.
Exploitation and Public Announcements: The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.
Cisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.
Source: Cisco would like to thank Moshe Kol and Shlomi Oberman of JSOF for reporting these vulnerabilities, which were investigated and disclosed under the coordination of CERT/CC.
Legal Disclaimer: THIS DOCUMENT IS PROVIDED ON AN "AS IS" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.
A standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.
5.9 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco NX-OS Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Video Communication Server (VCS) Expressway
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Identity Services Engine Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Session Initiation Protocol (SIP) Software
Cisco
|
— |
Vendor Fix
fix
|
5.9 (Medium)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco Identity Services Engine Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Video Communication Server (VCS) Expressway
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco NX-OS Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Session Initiation Protocol (SIP) Software
Cisco
|
— |
Vendor Fix
fix
|
8.1 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco TelePresence Video Communication Server (VCS) Expressway
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco NX-OS Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Session Initiation Protocol (SIP) Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Identity Services Engine Software
Cisco
|
— |
Vendor Fix
fix
|
8.1 (High)
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco TelePresence Video Communication Server (VCS) Expressway
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Session Initiation Protocol (SIP) Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Identity Services Engine Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco NX-OS Software
Cisco
|
— |
Vendor Fix
fix
|
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco Session Initiation Protocol (SIP) Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco NX-OS Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Video Communication Server (VCS) Expressway
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Identity Services Engine Software
Cisco
|
— |
Vendor Fix
fix
|
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco TelePresence Video Communication Server (VCS) Expressway
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Session Initiation Protocol (SIP) Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Identity Services Engine Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco NX-OS Software
Cisco
|
— |
Vendor Fix
fix
|
Affected products
Known affected
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
|
Cisco Session Initiation Protocol (SIP) Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco Identity Services Engine Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco NX-OS Software
Cisco
|
— |
Vendor Fix
fix
|
|
|
Cisco TelePresence Video Communication Server (VCS) Expressway
Cisco
|
— |
Vendor Fix
fix
|
References
38 references
Acknowledgments
{
"document": {
"acknowledgments": [
{
"summary": "Cisco would like to thank Moshe Kol and Shlomi Oberman of JSOF for reporting these vulnerabilities, which were investigated and disclosed under the coordination of CERT/CC."
}
],
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"notes": [
{
"category": "summary",
"text": "A set of previously unknown vulnerabilities in the DNS forwarder implementation of dnsmasq were disclosed on January 19, 2021. The vulnerabilities are collectively known as DNSpooq.\r\n\r\nExploitation of these vulnerabilities could result in remote code execution or denial of service (DoS), or may allow an attacker to more easily forge DNS answers that can poison DNS caches, depending on the specific vulnerability.\r\n\r\nMultiple Cisco products are affected by these vulnerabilities.\r\n\r\nCisco will release software updates that address these vulnerabilities. Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products [\"#vp\"] section of this advisory.\r\n\r\nNote: At the time of publication, no Cisco products were found to be affected by the remote code execution and DoS vulnerabilities, which are identified by the following Common Vulnerabilities and Exposures (CVE) IDs:\r\n\r\n\r\nCVE-2020-25681\r\nCVE-2020-25682\r\nCVE-2020-25683\r\nCVE-2020-25687\r\n\r\n",
"title": "Summary"
},
{
"category": "general",
"text": "Cisco investigated its product line to determine which products may be affected by these vulnerabilities.\r\n\r\nThe Vulnerable Products [\"#vp\"] section includes Cisco bug IDs for each affected product or service. The bugs are accessible through the Cisco Bug Search Tool [\"https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID\"] and contain additional platform-specific information, including workarounds (if available) and fixed software releases.\r\n\r\nAny product or service not listed in Vulnerable Products [\"#vp\"] section of this advisory is to be considered not vulnerable.",
"title": "Affected Products"
},
{
"category": "general",
"text": "For information about which Cisco software releases are vulnerable, see the Fixed Software [\"#fs\"] section of this advisory.\r\n\r\nAt the time of this investigation, no Cisco products have been found to be affected by the remote code execution and DoS vulnerabilities.\r\n\r\nMultiple Cisco products have been found to be susceptible to DNS cache poisoning attacks. The following table lists Cisco products that have been found to be susceptible to DNS cache poisoning attacks.\r\n\r\nIf a future release date is indicated for software, the date provided represents an estimate based on all information known to Cisco as of the Last Updated date at the top of the advisory. Availability dates are subject to change based on a number of factors, including satisfactory testing results and delivery of other priority features and fixes. If no version or date is listed for an affected component (indicated by a blank field and/or an advisory designation of Interim), Cisco is continuing to evaluate the fix and will update the advisory as additional information becomes available. After the advisory is marked Final, customers should refer to the associated Cisco bug(s) for further details.\r\n Product Cisco Bug ID Fixed Release Availability Network Management and Provisioning Cisco Aironet 1560 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1810 Series OfficeExtend Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1810w Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1815 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1830 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 1850 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 2800 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 3800 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Aironet 4800 Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n8.5.171.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Business 100 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] 10.4.1.0 (Mar 2021) Cisco Business 200 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] 10.4.1.0 (Mar 2021) Cisco Catalyst 9100 Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Catalyst IW6300 Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco ESW6300 Series Access Points CSCvv83754 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754\"] Wireless LAN Controller:\r\n8.10.151.0\r\n\r\nCatalyst 9800 Wireless Controller:\r\n16.12.5\r\n17.3.3\r\n17.5.1 (Mar 2021) Cisco Policy Suite CSCvv83241 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83241\"] 21.1.0 Routing and Switching - Enterprise and Service Provider Cisco 1000 Series Connected Grid Routers (CGR1000 compute module) CSCvv84554 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84554\"] 15.9(3)M4 (Jul 2021) Cisco IR800 Integrated Services Router (Guest OS) CSCvv84553 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84553\"] 15.9(3)M4 (Jul 2021) Cisco Wireless Gateway for LoRaWAN CSCvw00914 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00914\"] 2.1.0.3 (Mar 2021) Meraki Products Cisco Meraki MR (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MS (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MV (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki MX (all models) N/A Release no. TBD (Aug 2021) Cisco Meraki Z-Series (all models) N/A Release no. TBD (Aug 2021) Routing and Switching - Small Business Cisco RV042 Dual WAN VPN Router CSCvv83789 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789\"] None planned Cisco RV042G Dual Gigabit WAN VPN Router CSCvv83789 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789\"] None planned Cisco RV160x VPN Router CSCvv83787 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83787\"] 1.0.02.x (Mar 2021) Cisco RV260x VPN Router CSCvv83788 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83788\"] 1.0.02.x (Mar 2021) Cisco RV340W Dual WAN Gigabit Wireless-AC VPN Router CSCvv83239 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83239\"] 1.0.04.x (Mar 2021) Cisco Small Business RV Series RV110W Wireless-N VPN Firewall CSCvv83235 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83235\"] None planned Cisco Small Business RV Series RV215W Wireless-N VPN Router CSCvv83237 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83237\"] None planned Cisco Small Business RV Series RV320 Dual Gigabit WAN VPN Router CSCvv83238 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83238\"] None planned Cisco Small Business RV Series RV325 Dual WAN VPN Router CSCvv83816 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83816\"] None planned Cisco Small Business RV130 Series VPN Routers CSCvv83791 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83791\"] None planned Cisco Small Business RV130 VPN Router CSCvv83236 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83236\"] None planned Unified Computing Cisco Enterprise NFV Infrastructure Software (NFVIS) CSCvw00975 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00975\"] 4.5 (Mar 2021) Voice and Unified Communications Devices Cisco IP Conference Phone 7832 CSCvv83246 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83246\"] 14.0 (Mar 2021) Cisco IP Conference Phone 8832 CSCvv83250 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83250\"] 14.0 (Mar 2021) Cisco IP Phone 6800 Series with Multiplatform Firmware CSCvv83248 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83248\"] 11.3.4 (Jun 2021) Cisco IP Phone 6821 with Multiplatform Firmware CSCvw00982 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00982\"] 11.3.4 (Jun 2021) Cisco IP Phone 7800 Series with Multiplatform Firmware CSCvv83243 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83243\"] 11.3.4 (Jun 2021) Cisco IP Phone 7800 Series CSCvv83249 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83249\"] 14.0 (Mar 2021) Cisco IP Phone 8800 Series with Multiplatform Firmware CSCvv83242 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242\"] 11.3.4 (Jun 2021) Cisco IP Phone 8800 Series CSCvv83242 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242\"] 14.0 (Mar 2021) Cisco IP Phone 8865 CSCvv83245 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83245\"] 14.0 (Mar 2021) Cisco SPA112 2-Port Phone Adapter CSCvv83234 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234\"] None planned Cisco SPA122 Analog Telephone Adapter (ATA) with Router CSCvv83234 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234\"] None planned Cisco SPA232D Multi-Line DECT Analog Telephone Adapter (ATA) CSCvv83234 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234\"] None planned Cisco Unified IP Phone 9951 CSCvv83247 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247\"]\r\nNone planned Cisco Unified IP Phone 9971 CSCvv83247 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247\"]\r\nNone planned Cisco Wireless IP Phone 8821 CSCvw00918 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00918\"] 11.0(6)SR1 (Apr 2021) Video, Streaming, TelePresence, and Transcoding Devices Cisco Expressway Series CSCvv83227 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227\"] X12.7.1 Cisco TelePresence Video Communication Server (VCS) CSCvv83227 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227\"] X12.7.1 Cisco Cloud Hosted Services Cisco IP Phone 6800 Series CSCvw01205 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw01205\"] 11.3.4 (Jun 2021) Cisco Spark Calling CSCvw00907 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00907\"] X12.7.1 (Feb 2021) Cisco Webex Teams (formerly Cisco Spark) CSCvv83214 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83214\"] None planned Cisco Webex Room Phone CSCvv87082 [\"https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv87082\"] 1.2(0)SR1 (Aug 2021)",
"title": "Vulnerable Products"
},
{
"category": "general",
"text": "Only products listed in the Vulnerable Products [\"#vp\"] section of this advisory are known to be affected by these vulnerabilities.\r\n\r\nCisco products that do not offer DNS server capabilities are not affected by these vulnerabilities. Cisco has also confirmed that Cisco IOS XE Software is not affected by any of these vulnerabilities.\r\n\r\nAt the time of publication, no Cisco products were found to be affected by the vulnerabilities identified by the following Common Vulnerabilities and Exposures (CVE) IDs:\r\n\r\nCVE-2020-25681\r\nCVE-2020-25682\r\nCVE-2020-25683\r\nCVE-2020-25687",
"title": "Products Confirmed Not Vulnerable"
},
{
"category": "general",
"text": "Remote Code Execution and Denial of Service Vulnerabilities\r\n\r\nMultiple vulnerabilities in the DNSSEC implementation of dnsmasq could allow an unauthenticated, remote attacker to execute arbitrary code or cause a denial of service (DoS) condition on an affected device.\r\n\r\nThe vulnerabilities are due to improper memory management when the affected software processes DNS packets with DNSSEC data. An attacker could exploit these vulnerabilities by sending malicious DNS packets to be processed by the affected device.\r\n\r\nWhen these packets are processed, an exploitable overflow condition may occur. A successful exploit could allow the attacker to execute arbitrary code with the privileges of the underlying dnsmasq software or cause DoS condition on the affected device.\r\n\r\nThese vulnerabilities affect dnsmasq installations that match all of the following criteria:\r\n\r\nInclude a vulnerable release of dnsmasq\r\nCapable of acting as a DNS server\r\nCapable of validating DNSSEC data\r\n\r\nThese vulnerabilities have been assigned the following CVE IDs:\r\n\r\n\r\nCVE-2020-25681\r\nCVE-2020-25682\r\nCVE-2020-25683\r\nCVE-2020-25687\r\n\r\nAt the time of this investigation, no Cisco products have been found to be affected by these vulnerabilities.\r\n\r\nDNS Cache Poisoning Attacks\r\n\r\nMultiple weaknesses in the DNS server functionality of dnsmasq could allow an unauthenticated, remote attacker to more easily forge DNS answers that can poison DNS caches.\r\n\r\nEach weakness results in dnsmasq accepting DNS answers based on checks that are performed on an amount of entropy that is lower than what is mandated by RFC 5452. The combination of these weaknesses would allow an attacker to mount a successful DNS cache poisoning attack with low traffic requirements.\r\n\r\nThese weaknesses affect dnsmasq installations that match all of the following criteria:\r\n\r\nInclude a vulnerable release of dnsmasq\r\nCapable of acting as a DNS server\r\nCapable of caching DNS responses\r\n\r\nThese weaknesses have been assigned the following CVE IDs:\r\n\r\nCVE-2020-25684\r\nCVE-2020-25685\r\nCVE-2020-25686\r\n\r\nMultiple Cisco products have been found to be susceptible to DNS cache poisoning attacks.",
"title": "Details"
},
{
"category": "general",
"text": "Any workarounds for a specific Cisco product or service will be documented in the relevant Cisco bugs, which are identified in the Vulnerable Products [\"#vp\"] section of this advisory.",
"title": "Workarounds"
},
{
"category": "general",
"text": "For information about fixed software releases [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], consult the Cisco bugs identified in the Vulnerable Products [\"https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g#vp\"] section of this advisory.\r\n\r\nWhen considering software upgrades [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes\"], customers are advised to regularly consult the advisories for Cisco products, which are available from the Cisco Security Advisories page [\"https://www.cisco.com/go/psirt\"], to determine exposure and a complete upgrade solution.\r\n\r\nIn all cases, customers should ensure that the devices to be upgraded contain sufficient memory and confirm that current hardware and software configurations will continue to be supported properly by the new release. If the information is not clear, customers are advised to contact the Cisco Technical Assistance Center (TAC) or their contracted maintenance providers.",
"title": "Fixed Software"
},
{
"category": "general",
"text": "To learn about Cisco security vulnerability disclosure policies and publications, see the Security Vulnerability Policy [\"https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html\"]. This document also contains instructions for obtaining fixed software and receiving security vulnerability information from Cisco.",
"title": "Vulnerability Policy"
},
{
"category": "general",
"text": "The Cisco Product Security Incident Response Team (PSIRT) is aware that proof-of-concept exploit code is available for the vulnerabilities that are described in this advisory.\r\n\r\nCisco PSIRT is not aware of any malicious use of the vulnerabilities that are described in this advisory.",
"title": "Exploitation and Public Announcements"
},
{
"category": "general",
"text": "Cisco would like to thank Moshe Kol and Shlomi Oberman of JSOF for reporting these vulnerabilities, which were investigated and disclosed under the coordination of CERT/CC.",
"title": "Source"
},
{
"category": "legal_disclaimer",
"text": "THIS DOCUMENT IS PROVIDED ON AN \"AS IS\" BASIS AND DOES NOT IMPLY ANY KIND OF GUARANTEE OR WARRANTY, INCLUDING THE WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR USE. YOUR USE OF THE INFORMATION ON THE DOCUMENT OR MATERIALS LINKED FROM THE DOCUMENT IS AT YOUR OWN RISK. CISCO RESERVES THE RIGHT TO CHANGE OR UPDATE THIS DOCUMENT AT ANY TIME.\r\n\r\nA standalone copy or paraphrase of the text of this document that omits the distribution URL is an uncontrolled copy and may lack important information or contain factual errors. The information in this document is intended for end users of Cisco products.",
"title": "Legal Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "psirt@cisco.com",
"issuing_authority": "Cisco PSIRT",
"name": "Cisco",
"namespace": "https://wwww.cisco.com"
},
"references": [
{
"category": "self",
"summary": "Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g"
},
{
"category": "external",
"summary": "Cisco Security Vulnerability Policy",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html"
},
{
"category": "external",
"summary": "Cisco\u0026nbsp;Bug Search Tool",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/BUGID"
},
{
"category": "external",
"summary": "CSCvv83754",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83754"
},
{
"category": "external",
"summary": "CSCvv83241",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83241"
},
{
"category": "external",
"summary": "CSCvv84554",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84554"
},
{
"category": "external",
"summary": "CSCvv84553",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv84553"
},
{
"category": "external",
"summary": "CSCvw00914",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00914"
},
{
"category": "external",
"summary": "CSCvv83789",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83789"
},
{
"category": "external",
"summary": "CSCvv83787",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83787"
},
{
"category": "external",
"summary": "CSCvv83788",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83788"
},
{
"category": "external",
"summary": "CSCvv83239",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83239"
},
{
"category": "external",
"summary": "CSCvv83235",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83235"
},
{
"category": "external",
"summary": "CSCvv83237",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83237"
},
{
"category": "external",
"summary": "CSCvv83238",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83238"
},
{
"category": "external",
"summary": "CSCvv83816",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83816"
},
{
"category": "external",
"summary": "CSCvv83791",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83791"
},
{
"category": "external",
"summary": "CSCvv83236",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83236"
},
{
"category": "external",
"summary": "CSCvw00975",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00975"
},
{
"category": "external",
"summary": "CSCvv83246",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83246"
},
{
"category": "external",
"summary": "CSCvv83250",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83250"
},
{
"category": "external",
"summary": "CSCvv83248",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83248"
},
{
"category": "external",
"summary": "CSCvw00982",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00982"
},
{
"category": "external",
"summary": "CSCvv83243",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83243"
},
{
"category": "external",
"summary": "CSCvv83249",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83249"
},
{
"category": "external",
"summary": "CSCvv83242",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83242"
},
{
"category": "external",
"summary": "CSCvv83245",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83245"
},
{
"category": "external",
"summary": "CSCvv83234",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83234"
},
{
"category": "external",
"summary": "CSCvv83247",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83247"
},
{
"category": "external",
"summary": "CSCvw00918",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00918"
},
{
"category": "external",
"summary": "CSCvv83227",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83227"
},
{
"category": "external",
"summary": "CSCvw01205",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw01205"
},
{
"category": "external",
"summary": "CSCvw00907",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvw00907"
},
{
"category": "external",
"summary": "CSCvv83214",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv83214"
},
{
"category": "external",
"summary": "CSCvv87082",
"url": "https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvv87082"
},
{
"category": "external",
"summary": "fixed software releases",
"url": "https://sec.cloudapps.cisco.com/security/center/resources/security_vulnerability_policy.html#fixes"
},
{
"category": "external",
"summary": "Vulnerable Products",
"url": "https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g#vp"
},
{
"category": "external",
"summary": "Cisco\u0026nbsp;Security Advisories page",
"url": "https://www.cisco.com/go/psirt"
}
],
"title": "Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021",
"tracking": {
"current_release_date": "2021-08-30T17:24:42+00:00",
"generator": {
"date": "2024-05-10T22:57:53+00:00",
"engine": {
"name": "TVCE"
}
},
"id": "cisco-sa-dnsmasq-dns-2021-c5mrdf3g",
"initial_release_date": "2021-01-19T12:15:00+00:00",
"revision_history": [
{
"date": "2021-01-19T12:05:02+00:00",
"number": "1.0.0",
"summary": "Initial public release."
},
{
"date": "2021-02-02T17:34:33+00:00",
"number": "1.1.0",
"summary": "Updated fixed release availability information for Cisco Meraki devices, Cisco Access Points, Cisco IR800 Integrated Services Router, and Cisco 1000 Series Connected Grid Routers."
},
{
"date": "2021-03-09T12:32:04+00:00",
"number": "1.2.0",
"summary": "Updated fixed release availability information."
},
{
"date": "2021-04-26T12:02:10+00:00",
"number": "1.3.0",
"summary": "Updated list of products confirmed not vulnerable. Removed list of products under investigation."
},
{
"date": "2021-08-30T17:24:42+00:00",
"number": "1.4.0",
"summary": "Updated Webex Room Phone fixed release."
}
],
"status": "final",
"version": "1.4.0"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"category": "product_family",
"name": "Cisco NX-OS Software",
"product": {
"name": "Cisco NX-OS Software ",
"product_id": "CSAFPID-80720"
}
},
{
"category": "product_family",
"name": "Cisco Identity Services Engine Software",
"product": {
"name": "Cisco Identity Services Engine Software ",
"product_id": "CSAFPID-111903"
}
},
{
"category": "product_family",
"name": "Cisco TelePresence Video Communication Server (VCS) Expressway",
"product": {
"name": "Cisco TelePresence Video Communication Server (VCS) Expressway ",
"product_id": "CSAFPID-209614"
}
},
{
"category": "product_family",
"name": "Cisco Session Initiation Protocol (SIP) Software",
"product": {
"name": "Cisco Session Initiation Protocol (SIP) Software ",
"product_id": "CSAFPID-277608"
}
}
],
"category": "vendor",
"name": "Cisco"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25683",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66581"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66584"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx17339"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx20637"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvv83232"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvw00918"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-80720",
"CSAFPID-209614",
"CSAFPID-111903",
"CSAFPID-277608"
]
},
"release_date": "2021-01-19T12:15:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-80720",
"CSAFPID-209614",
"CSAFPID-111903",
"CSAFPID-277608"
]
}
],
"title": "vuln-CVE-2020-25683"
},
{
"cve": "CVE-2020-25687",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvv83232"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx17339"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx20637"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66581"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66584"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvw00918"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-111903",
"CSAFPID-209614",
"CSAFPID-80720",
"CSAFPID-277608"
]
},
"release_date": "2021-01-19T12:15:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-111903",
"CSAFPID-209614",
"CSAFPID-80720",
"CSAFPID-277608"
]
}
],
"title": "vuln-CVE-2020-25687"
},
{
"cve": "CVE-2020-25681",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx20637"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66581"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66584"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvw00918"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvv83232"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-209614",
"CSAFPID-80720",
"CSAFPID-277608",
"CSAFPID-111903"
]
},
"release_date": "2021-01-19T12:15:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-209614",
"CSAFPID-80720",
"CSAFPID-277608",
"CSAFPID-111903"
]
}
],
"title": "vuln-CVE-2020-25681"
},
{
"cve": "CVE-2020-25682",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx20637"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvw00918"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvv83232"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66581"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66584"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
]
},
"release_date": "2021-01-19T12:15:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
]
}
],
"title": "vuln-CVE-2020-25682"
},
{
"cve": "CVE-2020-25686",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvw00918"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66581"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66584"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx17339"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx20637"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvv83232"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277608",
"CSAFPID-80720",
"CSAFPID-209614",
"CSAFPID-111903"
]
},
"release_date": "2021-01-19T12:15:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-277608",
"CSAFPID-80720",
"CSAFPID-209614",
"CSAFPID-111903"
]
}
],
"title": "vuln-CVE-2020-25686"
},
{
"cve": "CVE-2020-25685",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvx20637"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvw00918"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvv83232"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66581"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66584"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
]
},
"release_date": "2021-01-19T12:15:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
]
}
],
"title": "vuln-CVE-2020-25685"
},
{
"cve": "CVE-2020-25684",
"ids": [
{
"system_name": "Cisco Bug ID",
"text": "CSCvw00918"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvv83232"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66581"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx66584"
},
{
"system_name": "Cisco Bug ID",
"text": "CSCvx20637"
}
],
"notes": [
{
"category": "other",
"text": "Complete.",
"title": "Affected Product Comprehensiveness"
}
],
"product_status": {
"known_affected": [
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720",
"CSAFPID-209614"
]
},
"release_date": "2021-01-19T12:15:00+00:00",
"remediations": [
{
"category": "vendor_fix",
"details": "Cisco has released software updates that address this vulnerability.",
"product_ids": [
"CSAFPID-209614",
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720"
],
"url": "https://software.cisco.com"
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 3.7,
"baseSeverity": "LOW",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
"version": "3.1"
},
"products": [
"CSAFPID-277608",
"CSAFPID-111903",
"CSAFPID-80720",
"CSAFPID-209614"
]
}
],
"title": "Multiple Vulnerabilities in dnsmasq DNS server affecting Cisco Products: January 2021"
}
]
}
CNVD-2021-07538
Vulnerability from cnvd - Published: 2021-01-31
VLAI Severity ?
Title
Dnsmasq缓冲区溢出漏洞(CNVD-2021-07538)
Description
Dnsmasq是一款使用C语言编写的轻量级DNS转发和DHCP、TFTP服务器。
Dnsmasq存在缓冲区溢出漏洞,该漏洞源于在用DNSSEC数据验证DNS包之前,dnsmasq从DNS包中提取名称的方式存在缓冲区溢出漏洞。目前没有详细的漏洞细节提供。
Severity
高
Patch Name
Dnsmasq缓冲区溢出漏洞(CNVD-2021-07538)的补丁
Patch Description
Dnsmasq是一款使用C语言编写的轻量级DNS转发和DHCP、TFTP服务器。
Dnsmasq存在缓冲区溢出漏洞,该漏洞源于在用DNSSEC数据验证DNS包之前,dnsmasq从DNS包中提取名称的方式存在缓冲区溢出漏洞。目前没有详细的漏洞细节提供。目前,供应商发布了安全公告及相关补丁信息,修复了此漏洞。
Formal description
厂商已发布了漏洞修复程序,请及时关注更新: https://www.jsof-tech.com/disclosures/dnspooq/
Reference
https://nvd.nist.gov/vuln/detail/CVE-2020-25682
Impacted products
| Name | Dnsmasq Dnsmasq |
|---|
{
"cves": {
"cve": {
"cveNumber": "CVE-2020-25682",
"cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2020-25682"
}
},
"description": "Dnsmasq\u662f\u4e00\u6b3e\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u8f7b\u91cf\u7ea7DNS\u8f6c\u53d1\u548cDHCP\u3001TFTP\u670d\u52a1\u5668\u3002 \n\nDnsmasq\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u7528DNSSEC\u6570\u636e\u9a8c\u8bc1DNS\u5305\u4e4b\u524d\uff0cdnsmasq\u4eceDNS\u5305\u4e2d\u63d0\u53d6\u540d\u79f0\u7684\u65b9\u5f0f\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002",
"formalWay": "\u5382\u5546\u5df2\u53d1\u5e03\u4e86\u6f0f\u6d1e\u4fee\u590d\u7a0b\u5e8f\uff0c\u8bf7\u53ca\u65f6\u5173\u6ce8\u66f4\u65b0\uff1a\r\nhttps://www.jsof-tech.com/disclosures/dnspooq/",
"isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
"number": "CNVD-2021-07538",
"openTime": "2021-01-31",
"patchDescription": "Dnsmasq\u662f\u4e00\u6b3e\u4f7f\u7528C\u8bed\u8a00\u7f16\u5199\u7684\u8f7b\u91cf\u7ea7DNS\u8f6c\u53d1\u548cDHCP\u3001TFTP\u670d\u52a1\u5668\u3002 \r\n\r\nDnsmasq\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5728\u7528DNSSEC\u6570\u636e\u9a8c\u8bc1DNS\u5305\u4e4b\u524d\uff0cdnsmasq\u4eceDNS\u5305\u4e2d\u63d0\u53d6\u540d\u79f0\u7684\u65b9\u5f0f\u5b58\u5728\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\u3002\u76ee\u524d\u6ca1\u6709\u8be6\u7ec6\u7684\u6f0f\u6d1e\u7ec6\u8282\u63d0\u4f9b\u3002\u76ee\u524d\uff0c\u4f9b\u5e94\u5546\u53d1\u5e03\u4e86\u5b89\u5168\u516c\u544a\u53ca\u76f8\u5173\u8865\u4e01\u4fe1\u606f\uff0c\u4fee\u590d\u4e86\u6b64\u6f0f\u6d1e\u3002",
"patchName": "Dnsmasq\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-07538\uff09\u7684\u8865\u4e01",
"products": {
"product": "Dnsmasq Dnsmasq"
},
"referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2020-25682",
"serverity": "\u9ad8",
"submitTime": "2021-01-29",
"title": "Dnsmasq\u7f13\u51b2\u533a\u6ea2\u51fa\u6f0f\u6d1e\uff08CNVD-2021-07538\uff09"
}
FKIE_CVE-2020-25682
Vulnerability from fkie_nvd - Published: 2021-01-20 17:15 - Updated: 2025-11-04 20:15
Severity ?
Summary
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
References
Impacted products
| Vendor | Product | Version | |
|---|---|---|---|
| thekelleys | dnsmasq | * | |
| fedoraproject | fedora | 32 | |
| fedoraproject | fedora | 33 | |
| debian | debian_linux | 9.0 | |
| debian | debian_linux | 10.0 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"matchCriteriaId": "F38115DF-0F5C-442D-83D4-1125AAB4E2B7",
"versionEndExcluding": "2.83",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"matchCriteriaId": "36D96259-24BD-44E2-96D9-78CE1D41F956",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"matchCriteriaId": "E460AA51-FCDA-46B9-AE97-E6676AA5E194",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
},
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"matchCriteriaId": "DEECE5FC-CACF-4496-A3E7-164736409252",
"vulnerable": true
},
{
"criteria": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"matchCriteriaId": "07B237A9-69A3-4A9C-9DA0-4E06BD37AE73",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
},
{
"lang": "es",
"value": "Se encontr\u00f3 un fallo en dnsmasq versiones anteriores a 2.83.\u0026#xa0;Se detect\u00f3 una vulnerabilidad de desbordamiento del b\u00fafer en la manera en que dnsmasq extrae nombres de paquetes DNS antes de validarlos con datos DNSSEC.\u0026#xa0;Un atacante en la red, que puede crear respuestas DNS v\u00e1lidas, podr\u00eda usar este fallo para causar un desbordamiento de datos arbitrarios en una memoria asignada de la pila, posiblemente ejecutando c\u00f3digo en la m\u00e1quina. El fallo est\u00e1 en la funci\u00f3n rfc1035.c:extract_name(), que escribe datos en la memoria apuntada por el nombre asumiendo que los bytes MAXDNAME*2 est\u00e1n disponibles en el b\u00fafer.\u0026#xa0;Sin embargo, en algunas rutas de ejecuci\u00f3n de c\u00f3digo, es posible que la funci\u00f3n extract_name() pasaba un desplazamiento del b\u00fafer base, reduciendo as\u00ed, en la pr\u00e1ctica, el n\u00famero de bytes disponibles que se pueden escribir en el b\u00fafer.\u0026#xa0;La mayor amenaza de esta vulnerabilidad es la confidencialidad e integridad de los datos, as\u00ed como la disponibilidad del sistema"
}
],
"id": "CVE-2020-25682",
"lastModified": "2025-11-04T20:15:56.973",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2021-01-20T17:15:12.920",
"references": [
{
"source": "secalert@redhat.com",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"source": "secalert@redhat.com",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
},
{
"source": "secalert@redhat.com",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"source": "secalert@redhat.com",
"tags": [
"Third Party Advisory"
],
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.kb.cert.org/vuls/id/434904"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
],
"source": "secalert@redhat.com",
"type": "Secondary"
},
{
"description": [
{
"lang": "en",
"value": "CWE-787"
}
],
"source": "nvd@nist.gov",
"type": "Secondary"
}
]
}
GHSA-3QQQ-357H-32GJ
Vulnerability from github – Published: 2022-05-24 17:39 – Updated: 2025-11-04 21:30
VLAI?
Details
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Severity ?
8.1 (High)
{
"affected": [],
"aliases": [
"CVE-2020-25682"
],
"database_specific": {
"cwe_ids": [
"CWE-122",
"CWE-787"
],
"github_reviewed": false,
"github_reviewed_at": null,
"nvd_published_at": "2021-01-20T17:15:00Z",
"severity": "HIGH"
},
"details": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GHSA-3qqq-357h-32gj",
"modified": "2025-11-04T21:30:25Z",
"published": "2022-05-24T17:39:33Z",
"references": [
{
"type": "ADVISORY",
"url": "https://nvd.nist.gov/vuln/detail/CVE-2020-25682"
},
{
"type": "WEB",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"type": "WEB",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME"
},
{
"type": "WEB",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32"
},
{
"type": "WEB",
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"type": "WEB",
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"type": "WEB",
"url": "https://www.jsof-tech.com/disclosures/dnspooq"
},
{
"type": "WEB",
"url": "https://www.kb.cert.org/vuls/id/434904"
}
],
"schema_version": "1.4.0",
"severity": [
{
"score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"type": "CVSS_V3"
}
]
}
GSD-2020-25682
Vulnerability from gsd - Updated: 2023-12-13 01:21Details
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2020-25682",
"description": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GSD-2020-25682",
"references": [
"https://www.suse.com/security/cve/CVE-2020-25682.html",
"https://www.debian.org/security/2021/dsa-4844",
"https://access.redhat.com/errata/RHSA-2021:0152",
"https://access.redhat.com/errata/RHSA-2021:0151",
"https://access.redhat.com/errata/RHSA-2021:0150",
"https://ubuntu.com/security/CVE-2020-25682",
"https://advisories.mageia.org/CVE-2020-25682.html",
"https://security.archlinux.org/CVE-2020-25682",
"https://linux.oracle.com/cve/CVE-2020-25682.html"
]
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2020-25682"
],
"details": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"id": "GSD-2020-25682",
"modified": "2023-12-13T01:21:57.223385Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25682",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "dnsmasq",
"version": {
"version_data": [
{
"version_value": "dnsmasq 2.83"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jsof-tech.com/disclosures/dnspooq/",
"refsource": "MISC",
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014",
"refsource": "MISC",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"name": "FEDORA-2021-84440e87ba",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"name": "GLSA-202101-17",
"refsource": "GENTOO",
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"name": "DSA-4844",
"refsource": "DEBIAN",
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"name": "FEDORA-2021-2e4c3d5a9d",
"refsource": "FEDORA",
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
},
{
"name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
}
]
}
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "2.83",
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
},
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*",
"cpe_name": [],
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2020-25682"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-122"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.jsof-tech.com/disclosures/dnspooq/",
"refsource": "MISC",
"tags": [
"Third Party Advisory"
],
"url": "https://www.jsof-tech.com/disclosures/dnspooq/"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014",
"refsource": "MISC",
"tags": [
"Issue Tracking",
"Patch",
"Third Party Advisory"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
},
{
"name": "FEDORA-2021-84440e87ba",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
},
{
"name": "GLSA-202101-17",
"refsource": "GENTOO",
"tags": [
"Third Party Advisory"
],
"url": "https://security.gentoo.org/glsa/202101-17"
},
{
"name": "DSA-4844",
"refsource": "DEBIAN",
"tags": [
"Third Party Advisory"
],
"url": "https://www.debian.org/security/2021/dsa-4844"
},
{
"name": "FEDORA-2021-2e4c3d5a9d",
"refsource": "FEDORA",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
},
{
"name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
"refsource": "MLIST",
"tags": [
"Mailing List",
"Third Party Advisory"
],
"url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "COMPLETE",
"baseScore": 8.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:C",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 8.5,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "HIGH",
"userInteractionRequired": false
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"exploitabilityScore": 2.2,
"impactScore": 5.9
}
},
"lastModifiedDate": "2021-03-26T18:23Z",
"publishedDate": "2021-01-20T17:15Z"
}
}
}
MSRC_CVE-2020-25682
Vulnerability from csaf_microsoft - Published: 2021-01-02 00:00 - Updated: 2021-01-29 00:00Summary
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However in some code execution paths it is possible extract_name() gets passed an offset from the base buffer thus reducing in practice the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Notes
Additional Resources: To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle
Disclaimer: The information provided in the Microsoft Knowledge Base is provided \"as is\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.
References
4 references
| URL | Category |
|---|---|
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
| https://support.microsoft.com/lifecycle | external |
| https://www.first.org/cvss | external |
| https://msrc.microsoft.com/csaf/vex/2021/msrc_cve… | self |
{
"document": {
"category": "csaf_vex",
"csaf_version": "2.0",
"distribution": {
"text": "Public",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en-US",
"notes": [
{
"category": "general",
"text": "To determine the support lifecycle for your software, see the Microsoft Support Lifecycle: https://support.microsoft.com/lifecycle",
"title": "Additional Resources"
},
{
"category": "legal_disclaimer",
"text": "The information provided in the Microsoft Knowledge Base is provided \\\"as is\\\" without warranty of any kind. Microsoft disclaims all warranties, either express or implied, including the warranties of merchantability and fitness for a particular purpose. In no event shall Microsoft Corporation or its suppliers be liable for any damages whatsoever including direct, indirect, incidental, consequential, loss of business profits or special damages, even if Microsoft Corporation or its suppliers have been advised of the possibility of such damages. Some states do not allow the exclusion or limitation of liability for consequential or incidental damages so the foregoing limitation may not apply.",
"title": "Disclaimer"
}
],
"publisher": {
"category": "vendor",
"contact_details": "secure@microsoft.com",
"name": "Microsoft Security Response Center",
"namespace": "https://msrc.microsoft.com"
},
"references": [
{
"category": "self",
"summary": "CVE-2020-25682 A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However in some code execution paths it is possible extract_name() gets passed an offset from the base buffer thus reducing in practice the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2020-25682.json"
},
{
"category": "external",
"summary": "Microsoft Support Lifecycle",
"url": "https://support.microsoft.com/lifecycle"
},
{
"category": "external",
"summary": "Common Vulnerability Scoring System",
"url": "https://www.first.org/cvss"
}
],
"title": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However in some code execution paths it is possible extract_name() gets passed an offset from the base buffer thus reducing in practice the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"tracking": {
"current_release_date": "2021-01-29T00:00:00.000Z",
"generator": {
"date": "2025-10-19T21:39:52.593Z",
"engine": {
"name": "MSRC Generator",
"version": "1.0"
}
},
"id": "msrc_CVE-2020-25682",
"initial_release_date": "2021-01-02T00:00:00.000Z",
"revision_history": [
{
"date": "2021-01-29T00:00:00.000Z",
"legacy_version": "1",
"number": "1",
"summary": "Information published."
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "1.0",
"product": {
"name": "CBL Mariner 1.0",
"product_id": "16820"
}
}
],
"category": "product_name",
"name": "Azure Linux"
},
{
"branches": [
{
"category": "product_version_range",
"name": "\u003ccm1 dnsmasq 2.85-1",
"product": {
"name": "\u003ccm1 dnsmasq 2.85-1",
"product_id": "1"
}
},
{
"category": "product_version",
"name": "cm1 dnsmasq 2.85-1",
"product": {
"name": "cm1 dnsmasq 2.85-1",
"product_id": "19065"
}
}
],
"category": "product_name",
"name": "dnsmasq"
}
],
"category": "vendor",
"name": "Microsoft"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "\u003ccm1 dnsmasq 2.85-1 as a component of CBL Mariner 1.0",
"product_id": "16820-1"
},
"product_reference": "1",
"relates_to_product_reference": "16820"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "cm1 dnsmasq 2.85-1 as a component of CBL Mariner 1.0",
"product_id": "19065-16820"
},
"product_reference": "19065",
"relates_to_product_reference": "16820"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25682",
"cwe": {
"id": "CWE-122",
"name": "Heap-based Buffer Overflow"
},
"notes": [
{
"category": "general",
"text": "redhat",
"title": "Assigning CNA"
}
],
"product_status": {
"fixed": [
"19065-16820"
],
"known_affected": [
"16820-1"
]
},
"references": [
{
"category": "self",
"summary": "CVE-2020-25682 A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However in some code execution paths it is possible extract_name() gets passed an offset from the base buffer thus reducing in practice the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability. - VEX",
"url": "https://msrc.microsoft.com/csaf/vex/2021/msrc_cve-2020-25682.json"
}
],
"remediations": [
{
"category": "vendor_fix",
"date": "2021-01-29T00:00:00.000Z",
"details": "2.85-1:Security Update:https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade",
"product_ids": [
"16820-1"
],
"url": "https://learn.microsoft.com/en-us/azure/azure-linux/tutorial-azure-linux-upgrade"
}
],
"scores": [
{
"cvss_v3": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.1,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"environmentalsScore": 0.0,
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"temporalScore": 8.1,
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"16820-1"
]
}
],
"title": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However in some code execution paths it is possible extract_name() gets passed an offset from the base buffer thus reducing in practice the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
}
]
}
OPENSUSE-SU-2021:0124-1
Vulnerability from csaf_opensuse - Published: 2021-01-20 09:04 - Updated: 2021-01-20 09:04Summary
Security update for dnsmasq
Severity
Important
Notes
Title of the patch: Security update for dnsmasq
Description of the patch: This update for dnsmasq fixes the following issues:
- bsc#1177077: Fixed DNSpooq vulnerabilities
- CVE-2020-25684, CVE-2020-25685, CVE-2020-25686:
Fixed multiple Cache Poisoning attacks.
- CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687:
Fixed multiple potential Heap-based overflows when DNSSEC is
enabled.
- Retry query to other servers on receipt of SERVFAIL rcode
(bsc#1176076)
This update was imported from the SUSE:SLE-15-SP1:Update update project.
Patchnames: openSUSE-2021-124
Terms of use: CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
8.1 (High)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.4 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
5.9 (Medium)
Affected products
Recommended
4 products
| Product | Identifier | Version | Remediation |
|---|---|---|---|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586 | — |
Vendor Fix
|
|
| Unresolved product id: openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64 | — |
Vendor Fix
|
Threats
Impact
important
References
27 references
{
"document": {
"aggregate_severity": {
"namespace": "https://www.suse.com/support/security/rating/",
"text": "important"
},
"category": "csaf_security_advisory",
"csaf_version": "2.0",
"distribution": {
"text": "Copyright 2024 SUSE LLC. All rights reserved.",
"tlp": {
"label": "WHITE",
"url": "https://www.first.org/tlp/"
}
},
"lang": "en",
"notes": [
{
"category": "summary",
"text": "Security update for dnsmasq",
"title": "Title of the patch"
},
{
"category": "description",
"text": "This update for dnsmasq fixes the following issues:\n\n- bsc#1177077: Fixed DNSpooq vulnerabilities\n- CVE-2020-25684, CVE-2020-25685, CVE-2020-25686:\n Fixed multiple Cache Poisoning attacks.\n- CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687:\n Fixed multiple potential Heap-based overflows when DNSSEC is\n enabled.\n\n- Retry query to other servers on receipt of SERVFAIL rcode\n (bsc#1176076)\n\nThis update was imported from the SUSE:SLE-15-SP1:Update update project.",
"title": "Description of the patch"
},
{
"category": "details",
"text": "openSUSE-2021-124",
"title": "Patchnames"
},
{
"category": "legal_disclaimer",
"text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
"title": "Terms of use"
}
],
"publisher": {
"category": "vendor",
"contact_details": "https://www.suse.com/support/security/contact/",
"name": "SUSE Product Security Team",
"namespace": "https://www.suse.com/"
},
"references": [
{
"category": "external",
"summary": "SUSE ratings",
"url": "https://www.suse.com/support/security/rating/"
},
{
"category": "self",
"summary": "URL of this CSAF notice",
"url": "https://ftp.suse.com/pub/projects/security/csaf/opensuse-su-2021_0124-1.json"
},
{
"category": "self",
"summary": "URL for openSUSE-SU-2021:0124-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GY5KV2WHBZG4XCWVKZOU4DFCHSMBT5KV/"
},
{
"category": "self",
"summary": "E-Mail link for openSUSE-SU-2021:0124-1",
"url": "https://lists.opensuse.org/archives/list/security-announce@lists.opensuse.org/thread/GY5KV2WHBZG4XCWVKZOU4DFCHSMBT5KV/"
},
{
"category": "self",
"summary": "SUSE Bug 1176076",
"url": "https://bugzilla.suse.com/1176076"
},
{
"category": "self",
"summary": "SUSE Bug 1177077",
"url": "https://bugzilla.suse.com/1177077"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25681 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25681/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25682 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25682/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25683 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25683/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25684 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25684/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25685 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25685/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25686 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25686/"
},
{
"category": "self",
"summary": "SUSE CVE CVE-2020-25687 page",
"url": "https://www.suse.com/security/cve/CVE-2020-25687/"
}
],
"title": "Security update for dnsmasq",
"tracking": {
"current_release_date": "2021-01-20T09:04:03Z",
"generator": {
"date": "2021-01-20T09:04:03Z",
"engine": {
"name": "cve-database.git:bin/generate-csaf.pl",
"version": "1"
}
},
"id": "openSUSE-SU-2021:0124-1",
"initial_release_date": "2021-01-20T09:04:03Z",
"revision_history": [
{
"date": "2021-01-20T09:04:03Z",
"number": "1",
"summary": "Current version"
}
],
"status": "final",
"version": "1"
}
},
"product_tree": {
"branches": [
{
"branches": [
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-lp152.7.3.1.i586",
"product": {
"name": "dnsmasq-2.78-lp152.7.3.1.i586",
"product_id": "dnsmasq-2.78-lp152.7.3.1.i586"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-lp152.7.3.1.i586",
"product": {
"name": "dnsmasq-utils-2.78-lp152.7.3.1.i586",
"product_id": "dnsmasq-utils-2.78-lp152.7.3.1.i586"
}
}
],
"category": "architecture",
"name": "i586"
},
{
"branches": [
{
"category": "product_version",
"name": "dnsmasq-2.78-lp152.7.3.1.x86_64",
"product": {
"name": "dnsmasq-2.78-lp152.7.3.1.x86_64",
"product_id": "dnsmasq-2.78-lp152.7.3.1.x86_64"
}
},
{
"category": "product_version",
"name": "dnsmasq-utils-2.78-lp152.7.3.1.x86_64",
"product": {
"name": "dnsmasq-utils-2.78-lp152.7.3.1.x86_64",
"product_id": "dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
}
}
],
"category": "architecture",
"name": "x86_64"
},
{
"branches": [
{
"category": "product_name",
"name": "openSUSE Leap 15.2",
"product": {
"name": "openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2",
"product_identification_helper": {
"cpe": "cpe:/o:opensuse:leap:15.2"
}
}
}
],
"category": "product_family",
"name": "SUSE Linux Enterprise"
}
],
"category": "vendor",
"name": "SUSE"
}
],
"relationships": [
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586"
},
"product_reference": "dnsmasq-2.78-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-2.78-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64"
},
"product_reference": "dnsmasq-2.78-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.78-lp152.7.3.1.i586 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586"
},
"product_reference": "dnsmasq-utils-2.78-lp152.7.3.1.i586",
"relates_to_product_reference": "openSUSE Leap 15.2"
},
{
"category": "default_component_of",
"full_product_name": {
"name": "dnsmasq-utils-2.78-lp152.7.3.1.x86_64 as component of openSUSE Leap 15.2",
"product_id": "openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
},
"product_reference": "dnsmasq-utils-2.78-lp152.7.3.1.x86_64",
"relates_to_product_reference": "openSUSE Leap 15.2"
}
]
},
"vulnerabilities": [
{
"cve": "CVE-2020-25681",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25681"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25681",
"url": "https://www.suse.com/security/cve/CVE-2020-25681"
},
{
"category": "external",
"summary": "SUSE Bug 1177077 for CVE-2020-25681",
"url": "https://bugzilla.suse.com/1177077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-20T09:04:03Z",
"details": "important"
}
],
"title": "CVE-2020-25681"
},
{
"cve": "CVE-2020-25682",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25682"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25682",
"url": "https://www.suse.com/security/cve/CVE-2020-25682"
},
{
"category": "external",
"summary": "SUSE Bug 1177077 for CVE-2020-25682",
"url": "https://bugzilla.suse.com/1177077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 8.1,
"baseSeverity": "HIGH",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-20T09:04:03Z",
"details": "important"
}
],
"title": "CVE-2020-25682"
},
{
"cve": "CVE-2020-25683",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25683"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25683",
"url": "https://www.suse.com/security/cve/CVE-2020-25683"
},
{
"category": "external",
"summary": "SUSE Bug 1177077 for CVE-2020-25683",
"url": "https://bugzilla.suse.com/1177077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-20T09:04:03Z",
"details": "important"
}
],
"title": "CVE-2020-25683"
},
{
"cve": "CVE-2020-25684",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25684"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25684",
"url": "https://www.suse.com/security/cve/CVE-2020-25684"
},
{
"category": "external",
"summary": "SUSE Bug 1177077 for CVE-2020-25684",
"url": "https://bugzilla.suse.com/1177077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-20T09:04:03Z",
"details": "important"
}
],
"title": "CVE-2020-25684"
},
{
"cve": "CVE-2020-25685",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25685"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25685",
"url": "https://www.suse.com/security/cve/CVE-2020-25685"
},
{
"category": "external",
"summary": "SUSE Bug 1177077 for CVE-2020-25685",
"url": "https://bugzilla.suse.com/1177077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-20T09:04:03Z",
"details": "important"
}
],
"title": "CVE-2020-25685"
},
{
"cve": "CVE-2020-25686",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25686"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25686",
"url": "https://www.suse.com/security/cve/CVE-2020-25686"
},
{
"category": "external",
"summary": "SUSE Bug 1177077 for CVE-2020-25686",
"url": "https://bugzilla.suse.com/1177077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.4,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:N",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-20T09:04:03Z",
"details": "important"
}
],
"title": "CVE-2020-25686"
},
{
"cve": "CVE-2020-25687",
"ids": [
{
"system_name": "SUSE CVE Page",
"text": "https://www.suse.com/security/cve/CVE-2020-25687"
}
],
"notes": [
{
"category": "general",
"text": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.",
"title": "CVE description"
}
],
"product_status": {
"recommended": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
},
"references": [
{
"category": "external",
"summary": "CVE-2020-25687",
"url": "https://www.suse.com/security/cve/CVE-2020-25687"
},
{
"category": "external",
"summary": "SUSE Bug 1177077 for CVE-2020-25687",
"url": "https://bugzilla.suse.com/1177077"
}
],
"remediations": [
{
"category": "vendor_fix",
"details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
"product_ids": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"scores": [
{
"cvss_v3": {
"baseScore": 5.9,
"baseSeverity": "MEDIUM",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
},
"products": [
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-2.78-lp152.7.3.1.x86_64",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.i586",
"openSUSE Leap 15.2:dnsmasq-utils-2.78-lp152.7.3.1.x86_64"
]
}
],
"threats": [
{
"category": "impact",
"date": "2021-01-20T09:04:03Z",
"details": "important"
}
],
"title": "CVE-2020-25687"
}
]
}
Loading…
Trend slope:
-
(linear fit over daily sighting counts)
Show additional events:
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…