Vulnerability-Lookup

WID-SEC-W-2023-2836

Vulnerability from csaf_certbund - Published: 2021-01-18 23:00 - Updated: 2023-11-06 23:00

Summary

dnsmasq: Mehrere Schwachstellen

Severity

Hoch

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: Dnsmasq ist ein leichtgewichtiger DNS- und DHCP Server.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in dnsmasq und mehreren Cisco Produkten ausnutzen, um beliebigen Programmcode auszuführen und um den DNS Cache zu manipulieren.

Betroffene Betriebssysteme: - UNIX - Linux - CISCO Appliance - Appliance

CVE-2020-25681

In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabeprüfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausführung bringen oder DNS Cache-Poisoning Angriffe durchführen.

CVE-2020-25682

CVE-2020-25683

CVE-2020-25684

CVE-2020-25685

CVE-2020-25686

CVE-2020-25687

References

URL

Category

	https://wid.cert-bund.de/.well-known/csaf/white/2…	self
	https://wid.cert-bund.de/portal/wid/securityadvis…	self
	https://linux.oracle.com/errata/ELSA-2023-12971.html	external
	https://linux.oracle.com/errata/ELSA-2023-12972.html	external
	https://lists.debian.org/debian-lts-announce/2021…	external
	https://tools.cisco.com/security/center/content/C…	external
	https://www.jsof-tech.com/disclosures/dnspooq/	external
	https://www.arista.com/en/support/advisories-noti…	external
	https://usn.ubuntu.com/4698-1	external
	https://access.redhat.com/errata/RHSA-2021:0150	external
	https://access.redhat.com/errata/RHSA-2021:0151	external
	https://access.redhat.com/errata/RHSA-2021:0152	external
	https://access.redhat.com/errata/RHSA-2021:0153	external
	https://access.redhat.com/errata/RHSA-2021:0154	external
	https://access.redhat.com/errata/RHSA-2021:0155	external
	https://access.redhat.com/errata/RHSA-2021:0156	external
	http://linux.oracle.com/errata/ELSA-2021-0153.html	external
	https://linux.oracle.com/errata/ELSA-2021-0150.html	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://lists.suse.com/pipermail/sle-security-upd…	external
	https://us-cert.cisa.gov/ics/advisories/icsa-21-019-01	external
	http://www.thekelleys.org.uk/dnsmasq/CHANGELOG	external
	https://security.archlinux.org/ASA-202101-38/generate	external
	https://www.synology.com/en-global/support/securi…	external
	https://access.redhat.com/errata/RHSA-2021:0240	external
	https://security.gentoo.org/glsa/202101-17	external
	https://access.redhat.com/errata/RHSA-2021:0245	external
	http://centos-announce.2309468.n4.nabble.com/Cent…	external
	https://www.zyxel.com/support/DNSpooq.shtml	external
	https://access.redhat.com/errata/RHSA-2021:0281	external
	https://access.redhat.com/errata/RHSA-2021:0395	external
	https://access.redhat.com/errata/RHSA-2021:0401	external
	https://alas.aws.amazon.com/AL2/ALAS-2021-1587.html	external
	https://www.debian.org/security/2021/dsa-4844	external
	https://www.arubanetworks.com/assets/alert/ARUBA-…	external
	https://ubuntu.com/security/notices/USN-4698-2	external
	https://downloads.avaya.com/css/P8/documents/101074267	external
	https://www.qnap.com/de-de/security-advisory/QSA-21-09	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Dnsmasq ist ein leichtgewichtiger DNS- und DHCP Server.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in dnsmasq und mehreren Cisco Produkten ausnutzen, um beliebigen Programmcode auszuf\u00fchren und um den DNS Cache zu manipulieren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- CISCO Appliance\n- Appliance",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-2836 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2021/wid-sec-w-2023-2836.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-2836 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-2836"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-12971 vom 2023-11-06",
        "url": "https://linux.oracle.com/errata/ELSA-2023-12971.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2023-12972 vom 2023-11-06",
        "url": "https://linux.oracle.com/errata/ELSA-2023-12972.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DLA-2604 vom 2021-03-22",
        "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
      },
      {
        "category": "external",
        "summary": "Cisco Security Advisory CISCO-SA-DNSMASQ-DNS-2021-C5MRDF3G vom 2021-01-18",
        "url": "https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g"
      },
      {
        "category": "external",
        "summary": "DNSpooq Attack vom 2021-01-18",
        "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
      },
      {
        "category": "external",
        "summary": "Arista Security Advisory 61 vom 2021-01-19",
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4698-1 vom 2021-01-19",
        "url": "https://usn.ubuntu.com/4698-1"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0150 vom 2021-01-19",
        "url": "https://access.redhat.com/errata/RHSA-2021:0150"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0151 vom 2021-01-19",
        "url": "https://access.redhat.com/errata/RHSA-2021:0151"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0152 vom 2021-01-19",
        "url": "https://access.redhat.com/errata/RHSA-2021:0152"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0153 vom 2021-01-19",
        "url": "https://access.redhat.com/errata/RHSA-2021:0153"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0154 vom 2021-01-19",
        "url": "https://access.redhat.com/errata/RHSA-2021:0154"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0155 vom 2021-01-19",
        "url": "https://access.redhat.com/errata/RHSA-2021:0155"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0156 vom 2021-01-19",
        "url": "https://access.redhat.com/errata/RHSA-2021:0156"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-0153 vom 2021-01-19",
        "url": "http://linux.oracle.com/errata/ELSA-2021-0153.html"
      },
      {
        "category": "external",
        "summary": "Oracle Linux Security Advisory ELSA-2021-0150 vom 2021-01-20",
        "url": "https://linux.oracle.com/errata/ELSA-2021-0150.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0163-1 vom 2021-01-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008222.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:14603-1 vom 2021-01-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008224.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0166-1 vom 2021-01-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008223.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:0162-1 vom 2021-01-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008225.html"
      },
      {
        "category": "external",
        "summary": "SUSE Security Update SUSE-SU-2021:14604-1 vom 2021-01-19",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2021-January/008226.html"
      },
      {
        "category": "external",
        "summary": "ICS CERT Advisory ICSA-21-019-01 vom 2021-01-19",
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-01"
      },
      {
        "category": "external",
        "summary": "Changelog dnsmasq",
        "url": "http://www.thekelleys.org.uk/dnsmasq/CHANGELOG"
      },
      {
        "category": "external",
        "summary": "Arch Linux Security Advisory ASA-202101-38 vom 2021-01-21",
        "url": "https://security.archlinux.org/ASA-202101-38/generate"
      },
      {
        "category": "external",
        "summary": "Synology Security Advisory SYNOLOGY-SA-21:01 vom 2021-01-25",
        "url": "https://www.synology.com/en-global/support/security/Synology_SA_21_01"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0240 vom 2021-01-25",
        "url": "https://access.redhat.com/errata/RHSA-2021:0240"
      },
      {
        "category": "external",
        "summary": "Gentoo Linux Security Advisory GLSA-202101-17 vom 2021-01-25",
        "url": "https://security.gentoo.org/glsa/202101-17"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0245 vom 2021-01-25",
        "url": "https://access.redhat.com/errata/RHSA-2021:0245"
      },
      {
        "category": "external",
        "summary": "CentOS Security Advisory CESA-2021:0153 vom 2021-01-26",
        "url": "http://centos-announce.2309468.n4.nabble.com/CentOS-announce-CESA-2021-0153-Moderate-CentOS-7-dnsmasq-Security-Update-tp4646120.html"
      },
      {
        "category": "external",
        "summary": "Zyxel security advisory for DNSpooq vom 2021-01-26",
        "url": "https://www.zyxel.com/support/DNSpooq.shtml"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0281 vom 2021-02-03",
        "url": "https://access.redhat.com/errata/RHSA-2021:0281"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0395 vom 2021-02-03",
        "url": "https://access.redhat.com/errata/RHSA-2021:0395"
      },
      {
        "category": "external",
        "summary": "Red Hat Security Advisory RHSA-2021:0401 vom 2021-02-03",
        "url": "https://access.redhat.com/errata/RHSA-2021:0401"
      },
      {
        "category": "external",
        "summary": "Amazon Linux Security Advisory ALAS-2021-1587 vom 2021-02-03",
        "url": "https://alas.aws.amazon.com/AL2/ALAS-2021-1587.html"
      },
      {
        "category": "external",
        "summary": "Debian Security Advisory DSA-4844 vom 2021-02-04",
        "url": "https://www.debian.org/security/2021/dsa-4844"
      },
      {
        "category": "external",
        "summary": "Aruba Product Security Advisory",
        "url": "https://www.arubanetworks.com/assets/alert/ARUBA-PSA-2021-006.txt"
      },
      {
        "category": "external",
        "summary": "Ubuntu Security Notice USN-4698-2 vom 2021-02-24",
        "url": "https://ubuntu.com/security/notices/USN-4698-2"
      },
      {
        "category": "external",
        "summary": "AVAYA Security Advisory ASA-2021-006 vom 2021-03-03",
        "url": "https://downloads.avaya.com/css/P8/documents/101074267"
      },
      {
        "category": "external",
        "summary": "QNAP Security Advisory QSA-21-09 vom 2021-06-30",
        "url": "https://www.qnap.com/de-de/security-advisory/QSA-21-09"
      }
    ],
    "source_lang": "en-US",
    "title": "dnsmasq: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-11-06T23:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:01:09.653+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-2836",
      "initial_release_date": "2021-01-18T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2021-01-18T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2021-01-19T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Arista, Cisco, Ubuntu, Red Hat, Oracle Linux und SUSE aufgenommen"
        },
        {
          "date": "2021-01-20T23:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Arch Linux aufgenommen"
        },
        {
          "date": "2021-01-24T23:00:00.000+00:00",
          "number": "4",
          "summary": "Neue Updates von Synology aufgenommen"
        },
        {
          "date": "2021-01-25T23:00:00.000+00:00",
          "number": "5",
          "summary": "Neue Updates von Red Hat und Gentoo aufgenommen"
        },
        {
          "date": "2021-01-26T23:00:00.000+00:00",
          "number": "6",
          "summary": "Neue Updates von CentOS aufgenommen"
        },
        {
          "date": "2021-02-02T23:00:00.000+00:00",
          "number": "7",
          "summary": "Neue Updates von Red Hat aufgenommen"
        },
        {
          "date": "2021-02-03T23:00:00.000+00:00",
          "number": "8",
          "summary": "Neue Updates von Red Hat und Amazon aufgenommen"
        },
        {
          "date": "2021-02-04T23:00:00.000+00:00",
          "number": "9",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-02-23T23:00:00.000+00:00",
          "number": "10",
          "summary": "Neue Updates von Aruba aufgenommen"
        },
        {
          "date": "2021-02-24T23:00:00.000+00:00",
          "number": "11",
          "summary": "Neue Updates von Ubuntu aufgenommen"
        },
        {
          "date": "2021-03-04T23:00:00.000+00:00",
          "number": "12",
          "summary": "Neue Updates von AVAYA aufgenommen"
        },
        {
          "date": "2021-03-22T23:00:00.000+00:00",
          "number": "13",
          "summary": "Neue Updates von Debian aufgenommen"
        },
        {
          "date": "2021-06-30T22:00:00.000+00:00",
          "number": "14",
          "summary": "Neue Updates von QNAP aufgenommen"
        },
        {
          "date": "2023-11-06T23:00:00.000+00:00",
          "number": "15",
          "summary": "Neue Updates von Oracle Linux aufgenommen"
        }
      ],
      "status": "final",
      "version": "15"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Amazon Linux 2",
            "product": {
              "name": "Amazon Linux 2",
              "product_id": "398363",
              "product_identification_helper": {
                "cpe": "cpe:/o:amazon:linux_2:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Amazon"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Arista EOS",
            "product": {
              "name": "Arista EOS",
              "product_id": "T007065",
              "product_identification_helper": {
                "cpe": "cpe:/o:arista:arista_eos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Arista"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Aruba ArubaOS",
            "product": {
              "name": "Aruba ArubaOS",
              "product_id": "T016785",
              "product_identification_helper": {
                "cpe": "cpe:/o:arubanetworks:arubaos:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Aruba"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Avaya Aura Application Enablement Services",
            "product": {
              "name": "Avaya Aura Application Enablement Services",
              "product_id": "T015516",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_application_enablement_services:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Communication Manager",
            "product": {
              "name": "Avaya Aura Communication Manager",
              "product_id": "T015126",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:communication_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura Session Manager",
            "product": {
              "name": "Avaya Aura Session Manager",
              "product_id": "T015127",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:session_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Aura System Manager",
            "product": {
              "name": "Avaya Aura System Manager",
              "product_id": "T015518",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:aura_system_manager:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Avaya Web License Manager",
            "product": {
              "name": "Avaya Web License Manager",
              "product_id": "T016243",
              "product_identification_helper": {
                "cpe": "cpe:/a:avaya:web_license_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Avaya"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Cisco Aironet Access Point",
            "product": {
              "name": "Cisco Aironet Access Point",
              "product_id": "T012215",
              "product_identification_helper": {
                "cpe": "cpe:/o:cisco:aironet_access_point_software:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Analog Telephone Adaptor (ATA)",
            "product": {
              "name": "Cisco Analog Telephone Adaptor (ATA)",
              "product_id": "T015211",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:ata:spa122"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Catalyst Access Point",
            "product": {
              "name": "Cisco Catalyst Access Point",
              "product_id": "T018120",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:catalyst:access_point"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco IP Phone",
            "product": {
              "name": "Cisco IP Phone",
              "product_id": "2070",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:ip_phone:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Small Business",
            "product": {
              "name": "Cisco Small Business",
              "product_id": "T006515",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:small_business:srp520"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco TelePresence Video Communication Server",
            "product": {
              "name": "Cisco TelePresence Video Communication Server",
              "product_id": "T018121",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:telepresence:video_communication_server"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco Unified IP Phone",
            "product": {
              "name": "Cisco Unified IP Phone",
              "product_id": "T003264",
              "product_identification_helper": {
                "cpe": "cpe:/h:cisco:unified_ip_phones:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Cisco WebEx Teams",
            "product": {
              "name": "Cisco WebEx Teams",
              "product_id": "T013516",
              "product_identification_helper": {
                "cpe": "cpe:/a:cisco:webex:teams"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Cisco"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Debian Linux",
            "product": {
              "name": "Debian Linux",
              "product_id": "2951",
              "product_identification_helper": {
                "cpe": "cpe:/o:debian:debian_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Debian"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Gentoo Linux",
            "product": {
              "name": "Gentoo Linux",
              "product_id": "T012167",
              "product_identification_helper": {
                "cpe": "cpe:/o:gentoo:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Gentoo"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Open Source Arch Linux",
            "product": {
              "name": "Open Source Arch Linux",
              "product_id": "T013312",
              "product_identification_helper": {
                "cpe": "cpe:/o:archlinux:archlinux:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source CentOS",
            "product": {
              "name": "Open Source CentOS",
              "product_id": "1727",
              "product_identification_helper": {
                "cpe": "cpe:/o:centos:centos:-"
              }
            }
          },
          {
            "category": "product_name",
            "name": "Open Source dnsmasq \u003c 2.83",
            "product": {
              "name": "Open Source dnsmasq \u003c 2.83",
              "product_id": "T018119",
              "product_identification_helper": {
                "cpe": "cpe:/a:dnsmasq:dnsmasq:2.83"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Open Source"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Oracle Linux",
            "product": {
              "name": "Oracle Linux",
              "product_id": "T004914",
              "product_identification_helper": {
                "cpe": "cpe:/o:oracle:linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Oracle"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "QNAP NAS",
            "product": {
              "name": "QNAP NAS",
              "product_id": "T017100",
              "product_identification_helper": {
                "cpe": "cpe:/h:qnap:nas:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "QNAP"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Red Hat Enterprise Linux",
            "product": {
              "name": "Red Hat Enterprise Linux",
              "product_id": "67646",
              "product_identification_helper": {
                "cpe": "cpe:/o:redhat:enterprise_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Red Hat"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "SUSE Linux",
            "product": {
              "name": "SUSE Linux",
              "product_id": "T002207",
              "product_identification_helper": {
                "cpe": "cpe:/o:suse:suse_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Synology DiskStation Manager",
            "product": {
              "name": "Synology DiskStation Manager",
              "product_id": "450918",
              "product_identification_helper": {
                "cpe": "cpe:/a:synology:diskstation_manager:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Synology"
      },
      {
        "branches": [
          {
            "category": "product_name",
            "name": "Ubuntu Linux",
            "product": {
              "name": "Ubuntu Linux",
              "product_id": "T000126",
              "product_identification_helper": {
                "cpe": "cpe:/o:canonical:ubuntu_linux:-"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "Ubuntu"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2020-25681",
      "notes": [
        {
          "category": "description",
          "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T003264",
          "67646",
          "T006515",
          "T012215",
          "T015127",
          "T015126",
          "T004914",
          "450918",
          "T018120",
          "T018121",
          "398363",
          "T007065",
          "T013516",
          "T015518",
          "T015516",
          "T013312",
          "T012167",
          "T016785",
          "T015211",
          "T016243",
          "T017100",
          "2951",
          "T002207",
          "T000126",
          "1727"
        ]
      },
      "release_date": "2021-01-18T23:00:00.000+00:00",
      "title": "CVE-2020-25681"
    },
    {
      "cve": "CVE-2020-25682",
      "notes": [
        {
          "category": "description",
          "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T003264",
          "67646",
          "T006515",
          "T012215",
          "T015127",
          "T015126",
          "T004914",
          "450918",
          "T018120",
          "T018121",
          "398363",
          "T007065",
          "T013516",
          "T015518",
          "T015516",
          "T013312",
          "T012167",
          "T016785",
          "T015211",
          "T016243",
          "T017100",
          "2951",
          "T002207",
          "T000126",
          "1727"
        ]
      },
      "release_date": "2021-01-18T23:00:00.000+00:00",
      "title": "CVE-2020-25682"
    },
    {
      "cve": "CVE-2020-25683",
      "notes": [
        {
          "category": "description",
          "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T003264",
          "67646",
          "T006515",
          "T012215",
          "T015127",
          "T015126",
          "T004914",
          "450918",
          "T018120",
          "T018121",
          "398363",
          "T007065",
          "T013516",
          "T015518",
          "T015516",
          "T013312",
          "T012167",
          "T016785",
          "T015211",
          "T016243",
          "T017100",
          "2951",
          "T002207",
          "T000126",
          "1727"
        ]
      },
      "release_date": "2021-01-18T23:00:00.000+00:00",
      "title": "CVE-2020-25683"
    },
    {
      "cve": "CVE-2020-25684",
      "notes": [
        {
          "category": "description",
          "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T003264",
          "67646",
          "T006515",
          "T012215",
          "T015127",
          "T015126",
          "T004914",
          "450918",
          "T018120",
          "T018121",
          "398363",
          "T007065",
          "T013516",
          "T015518",
          "T015516",
          "T013312",
          "T012167",
          "T016785",
          "T015211",
          "T016243",
          "T017100",
          "2951",
          "T002207",
          "T000126",
          "1727"
        ]
      },
      "release_date": "2021-01-18T23:00:00.000+00:00",
      "title": "CVE-2020-25684"
    },
    {
      "cve": "CVE-2020-25685",
      "notes": [
        {
          "category": "description",
          "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T003264",
          "67646",
          "T006515",
          "T012215",
          "T015127",
          "T015126",
          "T004914",
          "450918",
          "T018120",
          "T018121",
          "398363",
          "T007065",
          "T013516",
          "T015518",
          "T015516",
          "T013312",
          "T012167",
          "T016785",
          "T015211",
          "T016243",
          "T017100",
          "2951",
          "T002207",
          "T000126",
          "1727"
        ]
      },
      "release_date": "2021-01-18T23:00:00.000+00:00",
      "title": "CVE-2020-25685"
    },
    {
      "cve": "CVE-2020-25686",
      "notes": [
        {
          "category": "description",
          "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T003264",
          "67646",
          "T006515",
          "T012215",
          "T015127",
          "T015126",
          "T004914",
          "450918",
          "T018120",
          "T018121",
          "398363",
          "T007065",
          "T013516",
          "T015518",
          "T015516",
          "T013312",
          "T012167",
          "T016785",
          "T015211",
          "T016243",
          "T017100",
          "2951",
          "T002207",
          "T000126",
          "1727"
        ]
      },
      "release_date": "2021-01-18T23:00:00.000+00:00",
      "title": "CVE-2020-25686"
    },
    {
      "cve": "CVE-2020-25687",
      "notes": [
        {
          "category": "description",
          "text": "In dnsmasq und mehreren Cisco Produkten existieren mehrere Schwachstellen aufgrund von Buffer-Overflows und fehlerhafter Eingabepr\u00fcfungen. Ein entfernter, anonymer Angreifer kann dadurch beliebigen Code im Kontext des Dienstes zur Ausf\u00fchrung bringen oder DNS Cache-Poisoning Angriffe durchf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "2070",
          "T003264",
          "67646",
          "T006515",
          "T012215",
          "T015127",
          "T015126",
          "T004914",
          "450918",
          "T018120",
          "T018121",
          "398363",
          "T007065",
          "T013516",
          "T015518",
          "T015516",
          "T013312",
          "T012167",
          "T016785",
          "T015211",
          "T016243",
          "T017100",
          "2951",
          "T002207",
          "T000126",
          "1727"
        ]
      },
      "release_date": "2021-01-18T23:00:00.000+00:00",
      "title": "CVE-2020-25687"
    }
  ]
}

CVE-2020-25685 (GCVE-0-2020-25685)

Vulnerability from cvelistv5 – Published: 2021-01-20 00:00 – Updated: 2025-11-04 19:12

Summary

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

Severity ?

No CVSS data available.

CWE

CWE-326

Assigner

redhat

References

URL

Tags

	https://www.jsof-tech.com/disclosures/dnspooq/
	https://bugzilla.redhat.com/show_bug.cgi?id=1889688
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://security.gentoo.org/glsa/202101-17	vendor-advisory
	https://www.debian.org/security/2021/dsa-4844	vendor-advisory
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisory
	https://www.arista.com/en/support/advisories-noti…

Impacted products

	Vendor	Product	Version
	n/a	dnsmasq	Affected: dnsmasq 2.83

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:12:13.209Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688"
          },
          {
            "name": "FEDORA-2021-84440e87ba",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
          },
          {
            "name": "GLSA-202101-17",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-17"
          },
          {
            "name": "DSA-4844",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4844"
          },
          {
            "name": "FEDORA-2021-2e4c3d5a9d",
            "tags": [
              "vendor-advisory",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
          },
          {
            "tags": [
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/434904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dnsmasq",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "dnsmasq 2.83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:reply_query(), which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash (CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is) this flaw allows an off-path attacker to find several different domains all having the same hash, substantially reducing the number of attempts they would have to perform to forge a reply and get it accepted by dnsmasq. This is in contrast with RFC5452, which specifies that the query name is one of the attributes of a query that must be used to match a reply. This flaw could be abused to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25684 the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-326",
              "description": "CWE-326",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-10-07T00:00:00.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
        },
        {
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889688"
        },
        {
          "name": "FEDORA-2021-84440e87ba",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
        },
        {
          "name": "GLSA-202101-17",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://security.gentoo.org/glsa/202101-17"
        },
        {
          "name": "DSA-4844",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4844"
        },
        {
          "name": "FEDORA-2021-2e4c3d5a9d",
          "tags": [
            "vendor-advisory"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
        },
        {
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
        }
      ]
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25685",
    "datePublished": "2021-01-20T00:00:00.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2025-11-04T19:12:13.209Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-25686 (GCVE-0-2020-25686)

Vulnerability from cvelistv5 – Published: 2021-01-20 16:47 – Updated: 2025-11-04 19:12

Summary

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

Severity ?

No CVSS data available.

CWE

CWE-358

Assigner

redhat

References

URL

Tags

	https://www.jsof-tech.com/disclosures/dnspooq/	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1890125	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/202101-17	vendor-advisoryx_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4844	vendor-advisoryx_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://www.arista.com/en/support/advisories-noti…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	dnsmasq	Affected: dnsmasq 2.83

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:12:14.331Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125"
          },
          {
            "name": "FEDORA-2021-84440e87ba",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
          },
          {
            "name": "GLSA-202101-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-17"
          },
          {
            "name": "DSA-4844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4844"
          },
          {
            "name": "FEDORA-2021-2e4c3d5a9d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/434904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dnsmasq",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "dnsmasq 2.83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-25T13:52:14.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125"
        },
        {
          "name": "FEDORA-2021-84440e87ba",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
        },
        {
          "name": "GLSA-202101-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-17"
        },
        {
          "name": "DSA-4844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4844"
        },
        {
          "name": "FEDORA-2021-2e4c3d5a9d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25686",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dnsmasq",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "dnsmasq 2.83"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-358"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jsof-tech.com/disclosures/dnspooq/",
              "refsource": "MISC",
              "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1890125"
            },
            {
              "name": "FEDORA-2021-84440e87ba",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
            },
            {
              "name": "GLSA-202101-17",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-17"
            },
            {
              "name": "DSA-4844",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4844"
            },
            {
              "name": "FEDORA-2021-2e4c3d5a9d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
            },
            {
              "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61",
              "refsource": "MISC",
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25686",
    "datePublished": "2021-01-20T16:47:17.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2025-11-04T19:12:14.331Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-25681 (GCVE-0-2020-25681)

Vulnerability from cvelistv5 – Published: 2021-01-20 16:36 – Updated: 2025-11-04 19:12

Summary

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity ?

No CVSS data available.

CWE

CWE-122

Assigner

redhat

References

URL

Tags

	https://www.jsof-tech.com/disclosures/dnspooq/	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1881875	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/202101-17	vendor-advisoryx_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4844	vendor-advisoryx_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	dnsmasq	Affected: dnsmasq 2.83

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:12:08.838Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875"
          },
          {
            "name": "FEDORA-2021-84440e87ba",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
          },
          {
            "name": "GLSA-202101-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-17"
          },
          {
            "name": "DSA-4844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4844"
          },
          {
            "name": "FEDORA-2021-2e4c3d5a9d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
          },
          {
            "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/434904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dnsmasq",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "dnsmasq 2.83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-22T20:06:12.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875"
        },
        {
          "name": "FEDORA-2021-84440e87ba",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
        },
        {
          "name": "GLSA-202101-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-17"
        },
        {
          "name": "DSA-4844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4844"
        },
        {
          "name": "FEDORA-2021-2e4c3d5a9d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
        },
        {
          "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25681",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dnsmasq",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "dnsmasq 2.83"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jsof-tech.com/disclosures/dnspooq/",
              "refsource": "MISC",
              "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1881875"
            },
            {
              "name": "FEDORA-2021-84440e87ba",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
            },
            {
              "name": "GLSA-202101-17",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-17"
            },
            {
              "name": "DSA-4844",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4844"
            },
            {
              "name": "FEDORA-2021-2e4c3d5a9d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
            },
            {
              "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25681",
    "datePublished": "2021-01-20T16:36:41.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2025-11-04T19:12:08.838Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-25684 (GCVE-0-2020-25684)

Vulnerability from cvelistv5 – Published: 2021-01-20 15:22 – Updated: 2025-11-04 19:12

Summary

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

Severity ?

No CVSS data available.

CWE

CWE-358

Assigner

redhat

References

URL

Tags

	https://bugzilla.redhat.com/show_bug.cgi?id=1889686	x_refsource_MISC
	https://www.jsof-tech.com/disclosures/dnspooq/	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/202101-17	vendor-advisoryx_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4844	vendor-advisoryx_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST
	https://www.arista.com/en/support/advisories-noti…	x_refsource_MISC

Impacted products

	Vendor	Product	Version
	n/a	dnsmasq	Affected: dnsmasq 2.83

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:12:12.109Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
          },
          {
            "name": "FEDORA-2021-84440e87ba",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
          },
          {
            "name": "GLSA-202101-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-17"
          },
          {
            "name": "DSA-4844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4844"
          },
          {
            "name": "FEDORA-2021-2e4c3d5a9d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
          },
          {
            "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/434904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dnsmasq",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "dnsmasq 2.83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-358",
              "description": "CWE-358",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2022-01-25T13:52:07.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
        },
        {
          "name": "FEDORA-2021-84440e87ba",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
        },
        {
          "name": "GLSA-202101-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-17"
        },
        {
          "name": "DSA-4844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4844"
        },
        {
          "name": "FEDORA-2021-2e4c3d5a9d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
        },
        {
          "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25684",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dnsmasq",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "dnsmasq 2.83"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-358"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686"
            },
            {
              "name": "https://www.jsof-tech.com/disclosures/dnspooq/",
              "refsource": "MISC",
              "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
            },
            {
              "name": "FEDORA-2021-84440e87ba",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
            },
            {
              "name": "GLSA-202101-17",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-17"
            },
            {
              "name": "DSA-4844",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4844"
            },
            {
              "name": "FEDORA-2021-2e4c3d5a9d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
            },
            {
              "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
            },
            {
              "name": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61",
              "refsource": "MISC",
              "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25684",
    "datePublished": "2021-01-20T15:22:21.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2025-11-04T19:12:12.109Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-25687 (GCVE-0-2020-25687)

Vulnerability from cvelistv5 – Published: 2021-01-20 16:31 – Updated: 2025-11-04 19:12

Summary

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Severity ?

No CVSS data available.

CWE

CWE-122

Assigner

redhat

References

URL

Tags

	https://www.jsof-tech.com/disclosures/dnspooq/	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1891568	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/202101-17	vendor-advisoryx_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4844	vendor-advisoryx_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	dnsmasq	Affected: dnsmasq 2.83

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:12:15.417Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568"
          },
          {
            "name": "FEDORA-2021-84440e87ba",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
          },
          {
            "name": "GLSA-202101-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-17"
          },
          {
            "name": "DSA-4844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4844"
          },
          {
            "name": "FEDORA-2021-2e4c3d5a9d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
          },
          {
            "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/434904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dnsmasq",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "dnsmasq 2.83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-22T20:06:14.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568"
        },
        {
          "name": "FEDORA-2021-84440e87ba",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
        },
        {
          "name": "GLSA-202101-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-17"
        },
        {
          "name": "DSA-4844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4844"
        },
        {
          "name": "FEDORA-2021-2e4c3d5a9d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
        },
        {
          "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25687",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dnsmasq",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "dnsmasq 2.83"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jsof-tech.com/disclosures/dnspooq/",
              "refsource": "MISC",
              "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1891568"
            },
            {
              "name": "FEDORA-2021-84440e87ba",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
            },
            {
              "name": "GLSA-202101-17",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-17"
            },
            {
              "name": "DSA-4844",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4844"
            },
            {
              "name": "FEDORA-2021-2e4c3d5a9d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
            },
            {
              "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25687",
    "datePublished": "2021-01-20T16:31:41.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2025-11-04T19:12:15.417Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-25682 (GCVE-0-2020-25682)

Vulnerability from cvelistv5 – Published: 2021-01-20 16:28 – Updated: 2025-11-04 19:12

Summary

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Severity ?

No CVSS data available.

CWE

CWE-122

Assigner

redhat

References

URL

Tags

	https://www.jsof-tech.com/disclosures/dnspooq/	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1882014	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/202101-17	vendor-advisoryx_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4844	vendor-advisoryx_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	dnsmasq	Affected: dnsmasq 2.83

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:12:09.915Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
          },
          {
            "name": "FEDORA-2021-84440e87ba",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
          },
          {
            "name": "GLSA-202101-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-17"
          },
          {
            "name": "DSA-4844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4844"
          },
          {
            "name": "FEDORA-2021-2e4c3d5a9d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
          },
          {
            "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/434904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dnsmasq",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "dnsmasq 2.83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-22T20:06:12.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
        },
        {
          "name": "FEDORA-2021-84440e87ba",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
        },
        {
          "name": "GLSA-202101-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-17"
        },
        {
          "name": "DSA-4844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4844"
        },
        {
          "name": "FEDORA-2021-2e4c3d5a9d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
        },
        {
          "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25682",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dnsmasq",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "dnsmasq 2.83"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jsof-tech.com/disclosures/dnspooq/",
              "refsource": "MISC",
              "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882014"
            },
            {
              "name": "FEDORA-2021-84440e87ba",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
            },
            {
              "name": "GLSA-202101-17",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-17"
            },
            {
              "name": "DSA-4844",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4844"
            },
            {
              "name": "FEDORA-2021-2e4c3d5a9d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
            },
            {
              "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25682",
    "datePublished": "2021-01-20T16:28:38.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2025-11-04T19:12:09.915Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

CVE-2020-25683 (GCVE-0-2020-25683)

Vulnerability from cvelistv5 – Published: 2021-01-20 15:25 – Updated: 2025-11-04 19:12

Summary

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Severity ?

No CVSS data available.

CWE

CWE-122

Assigner

redhat

References

URL

Tags

	https://www.jsof-tech.com/disclosures/dnspooq/	x_refsource_MISC
	https://bugzilla.redhat.com/show_bug.cgi?id=1882018	x_refsource_MISC
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://security.gentoo.org/glsa/202101-17	vendor-advisoryx_refsource_GENTOO
	https://www.debian.org/security/2021/dsa-4844	vendor-advisoryx_refsource_DEBIAN
	https://lists.fedoraproject.org/archives/list/pac…	vendor-advisoryx_refsource_FEDORA
	https://lists.debian.org/debian-lts-announce/2021…	mailing-listx_refsource_MLIST

Impacted products

	Vendor	Product	Version
	n/a	dnsmasq	Affected: dnsmasq 2.83

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2025-11-04T19:12:11.018Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
          },
          {
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018"
          },
          {
            "name": "FEDORA-2021-84440e87ba",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
          },
          {
            "name": "GLSA-202101-17",
            "tags": [
              "vendor-advisory",
              "x_refsource_GENTOO",
              "x_transferred"
            ],
            "url": "https://security.gentoo.org/glsa/202101-17"
          },
          {
            "name": "DSA-4844",
            "tags": [
              "vendor-advisory",
              "x_refsource_DEBIAN",
              "x_transferred"
            ],
            "url": "https://www.debian.org/security/2021/dsa-4844"
          },
          {
            "name": "FEDORA-2021-2e4c3d5a9d",
            "tags": [
              "vendor-advisory",
              "x_refsource_FEDORA",
              "x_transferred"
            ],
            "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
          },
          {
            "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
            "tags": [
              "mailing-list",
              "x_refsource_MLIST",
              "x_transferred"
            ],
            "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
          },
          {
            "url": "https://www.kb.cert.org/vuls/id/434904"
          }
        ],
        "title": "CVE Program Container"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "dnsmasq",
          "vendor": "n/a",
          "versions": [
            {
              "status": "affected",
              "version": "dnsmasq 2.83"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-122",
              "description": "CWE-122",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2021-03-22T20:06:15.000Z",
        "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
        "shortName": "redhat"
      },
      "references": [
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
        },
        {
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018"
        },
        {
          "name": "FEDORA-2021-84440e87ba",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
        },
        {
          "name": "GLSA-202101-17",
          "tags": [
            "vendor-advisory",
            "x_refsource_GENTOO"
          ],
          "url": "https://security.gentoo.org/glsa/202101-17"
        },
        {
          "name": "DSA-4844",
          "tags": [
            "vendor-advisory",
            "x_refsource_DEBIAN"
          ],
          "url": "https://www.debian.org/security/2021/dsa-4844"
        },
        {
          "name": "FEDORA-2021-2e4c3d5a9d",
          "tags": [
            "vendor-advisory",
            "x_refsource_FEDORA"
          ],
          "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
        },
        {
          "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
          "tags": [
            "mailing-list",
            "x_refsource_MLIST"
          ],
          "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
        }
      ],
      "x_legacyV4Record": {
        "CVE_data_meta": {
          "ASSIGNER": "secalert@redhat.com",
          "ID": "CVE-2020-25683",
          "STATE": "PUBLIC"
        },
        "affects": {
          "vendor": {
            "vendor_data": [
              {
                "product": {
                  "product_data": [
                    {
                      "product_name": "dnsmasq",
                      "version": {
                        "version_data": [
                          {
                            "version_value": "dnsmasq 2.83"
                          }
                        ]
                      }
                    }
                  ]
                },
                "vendor_name": "n/a"
              }
            ]
          }
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "eng",
              "value": "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "eng",
                  "value": "CWE-122"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://www.jsof-tech.com/disclosures/dnspooq/",
              "refsource": "MISC",
              "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
            },
            {
              "name": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018",
              "refsource": "MISC",
              "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1882018"
            },
            {
              "name": "FEDORA-2021-84440e87ba",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/"
            },
            {
              "name": "GLSA-202101-17",
              "refsource": "GENTOO",
              "url": "https://security.gentoo.org/glsa/202101-17"
            },
            {
              "name": "DSA-4844",
              "refsource": "DEBIAN",
              "url": "https://www.debian.org/security/2021/dsa-4844"
            },
            {
              "name": "FEDORA-2021-2e4c3d5a9d",
              "refsource": "FEDORA",
              "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/"
            },
            {
              "name": "[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update",
              "refsource": "MLIST",
              "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
            }
          ]
        }
      }
    }
  },
  "cveMetadata": {
    "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
    "assignerShortName": "redhat",
    "cveId": "CVE-2020-25683",
    "datePublished": "2021-01-20T15:25:04.000Z",
    "dateReserved": "2020-09-16T00:00:00.000Z",
    "dateUpdated": "2025-11-04T19:12:11.018Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Tags

Taxonomy of the tags.

All sightings related to this event Export sightings related to this event

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

WID-SEC-W-2023-2836

CVE-2020-25685 (GCVE-0-2020-25685)

CVE-2020-25686 (GCVE-0-2020-25686)

CVE-2020-25681 (GCVE-0-2020-25681)

CVE-2020-25684 (GCVE-0-2020-25684)

CVE-2020-25687 (GCVE-0-2020-25687)

CVE-2020-25682 (GCVE-0-2020-25682)

CVE-2020-25683 (GCVE-0-2020-25683)

Tags

Sightings

Nomenclature