Vulnerability CVE-2020-25681

Vulnerability Name:

CVE-2020-25681 (CCN-195078)

Assigned:

2020-09-16

Published:

2021-01-19

Updated:

2021-03-26

Summary:

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

CVSS v3 Severity:

8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

8.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)

Exploitability Metrics:	Attack Vector (AV): Network Attack Complexity (AC): High Privileges Required (PR): None User Interaction (UI): None
Scope:	Scope (S): Unchanged
Impact Metrics:	Confidentiality (C): High Integrity (I): High Availibility (A): High

CVSS v2 Severity:

8.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): Medium Authentication (Au): None
Impact Metrics:	Confidentiality (C): Partial Integrity (I): Partial Availibility (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)

Exploitability Metrics:	Access Vector (AV): Network Access Complexity (AC): High Athentication (Au): None
Impact Metrics:	Confidentiality (C): Complete Integrity (I): Complete Availibility (A): Complete

Vulnerability Type:

CWE-122

Vulnerability Consequences:

Gain Access

References:

Source: MITRE
Type: CNA
CVE-2020-25681

Source: CCN
Type: US-CERT VU#434904
Dnsmasq is vulnerable to memory corruption and cache poisoning

Source: CCN
Type: dnsmasq Web site
dnsmasq

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1881875

Source: XF
Type: UNKNOWN
dnsmasq-cve202025681-bo(195078)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-2e4c3d5a9d

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-84440e87ba

Source: CCN
Type: oss-sec Mailing List, Tue, 19 Jan 2021 13:30:49 +0100
Multiple CVEs in dnsmasq fixed in version 2.83

Source: GENTOO
Type: Third Party Advisory
GLSA-202101-17

Source: CCN
Type: Cisco Security Advisory cisco-sa-dnsmasq-dns-2021-c5mrdf3g
Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021

Source: CCN
Type: ICSA-21-019-02
Dnsmasq by Simon Kelley

Source: DEBIAN
Type: Third Party Advisory
DSA-4844

Source: CCN
Type: JSOF web site
DNSpooq - Kaminsky attack is back!

Source: MISC
Type: Third Party Advisory
https://www.jsof-tech.com/disclosures/dnspooq/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-25681

Vulnerable Configuration:

Configuration 1:

cpe:/a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* (Version < 2.83)

Configuration 2:

cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*

OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:

cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*

OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration RedHat 1:

cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:

cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:

cpe:/a:thekelleys:dnsmasq:2.80:*:*:*:*:*:*:*

OR cpe:/a:thekelleys:dnsmasq:2.82:*:*:*:*:*:*:*

OR cpe:/a:thekelleys:dnsmasq:2.81:*:*:*:*:*:*:*

Denotes that component is vulnerable

Oval Definitions

Definition ID	Class	Title	Last Modified
oval:org.opensuse.security:def:7484	P	dnsmasq-2.86-150400.14.3 on GA media (Moderate)	2023-06-12
oval:org.opensuse.security:def:51564	P	Security update for kubevirt stack (Important)	2022-11-21
oval:org.opensuse.security:def:3233	P	libpng12-0-1.2.50-19.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:3410	P	xscreensaver-5.22-7.1 on GA media (Moderate)	2022-06-28
oval:org.opensuse.security:def:94522	P	coreutils-8.32-150400.7.5 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:2909	P	dnsmasq-2.86-150400.14.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:94539	P	dnsmasq-2.86-150400.14.3 on GA media (Moderate)	2022-06-22
oval:org.opensuse.security:def:45	P	dnsmasq-2.78-7.6.1 on GA media (Moderate)	2022-06-13
oval:org.opensuse.security:def:95237	P	Security update for postgresql14 (Important)	2022-06-01
oval:org.opensuse.security:def:101950	P	Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) (Important)	2022-03-30
oval:org.opensuse.security:def:974	P	Security update for openssl-1_1 (Important)	2022-03-16
oval:org.opensuse.security:def:112160	P	dnsmasq-2.86-1.1 on GA media (Moderate)	2022-01-17
oval:org.opensuse.security:def:105696	P	dnsmasq-2.86-1.1 on GA media (Moderate)	2021-10-01
oval:org.opensuse.security:def:100821	P	dnsmasq-2.78-7.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:71804	P	dnsmasq-2.78-7.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:101235	P	sane-backends-1.0.32-6.6.2 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:62063	P	dnsmasq-2.78-7.6.1 on GA media (Moderate)	2021-08-09
oval:org.opensuse.security:def:110649	P	Security update for dnsmasq (Important)	2021-01-20
oval:org.opensuse.security:def:111051	P	Security update for dnsmasq (Important)	2021-01-20
oval:org.opensuse.security:def:31177	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:59476	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:21393	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:54738	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:88433	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:104126	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:75557	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:84144	P	Security update for dnsmasq (Important)	2021-01-19
oval:com.redhat.rhsa:def:20210150	P	RHSA-2021:0150: dnsmasq security update (Important)	2021-01-19
oval:org.opensuse.security:def:5689	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:91196	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:33653	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:64322	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:117416	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:28915	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:57447	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:98161	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:38127	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:51141	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:86560	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:82122	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:69465	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:31624	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:59734	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:23153	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:55189	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:89131	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:104851	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:75846	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:84602	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:96947	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:8580	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:33911	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:64499	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:125537	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:29366	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:57919	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:40127	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:87385	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:73444	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:82573	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:70219	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:32096	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:60259	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:23576	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:55826	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:89389	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:107901	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:44557	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:85641	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:96951	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:9325	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:34436	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:66489	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:126707	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:30003	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:58744	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:41275	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:51892	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:88120	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:73621	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:83210	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:5400	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:90471	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:32921	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:23904	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:57000	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:97436	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:108616	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:45705	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:86088	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:10079	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:81075	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:66778	P	Security update for dnsmasq (Important)	2021-01-19
oval:org.opensuse.security:def:127104	P	Security update for dnsmasq (Important)	2021-01-19

BACK