Vulnerability Name: CVE-2020-25682 (CCN-195079)

Assigned: 2020-09-16
Published: 2021-01-19
Updated: 2021-03-26
Summary: A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extracts names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed to by name, assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, extract_name() can be passed an offset from the base buffer, which in practice reduces the number of bytes that can be written to the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
CVSS v3 Severity:
8.1 High (CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High

8.1 High (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (CCN Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High

8.1 High (REDHAT CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
7.1 High (REDHAT Temporal CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H/E:U/RL:O/RC:C)
Exploitability Metrics:
  Attack Vector (AV): Network
  Attack Complexity (AC): High
  Privileges Required (PR): None
  User Interaction (UI): None
Scope:
  Scope (S): Unchanged
Impact Metrics:
  Confidentiality (C): High
  Integrity (I): High
  Availability (A): High

CVSS v2 Severity:
8.3 High (CVSS v2 Vector: AV:N/AC:M/Au:N/C:P/I:P/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): Medium
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Partial
  Integrity (I): Partial
  Availability (A): Complete

7.6 High (CCN CVSS v2 Vector: AV:N/AC:H/Au:N/C:C/I:C/A:C)
Exploitability Metrics:
  Access Vector (AV): Network
  Access Complexity (AC): High
  Authentication (Au): None
Impact Metrics:
  Confidentiality (C): Complete
  Integrity (I): Complete
  Availability (A): Complete

Vulnerability Type: CWE-122
Vulnerability Consequences: Gain Access
References:

Source: MITRE
Type: CNA
CVE-2020-25682

Source: CCN
Type: US-CERT VU#434904
Dnsmasq is vulnerable to memory corruption and cache poisoning

Source: CCN
Type: dnsmasq Web site
dnsmasq

Source: MISC
Type: Issue Tracking, Patch, Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1882014

Source: XF
Type: UNKNOWN
dnsmasq-cve202025682-bo(195079)

Source: MLIST
Type: Mailing List, Third Party Advisory
[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-2e4c3d5a9d

Source: FEDORA
Type: Mailing List, Third Party Advisory
FEDORA-2021-84440e87ba

Source: CCN
Type: oss-sec Mailing List, Tue, 19 Jan 2021 13:30:49 +0100
Multiple CVEs in dnsmasq fixed in version 2.83

Source: GENTOO
Type: Third Party Advisory
GLSA-202101-17

Source: CCN
Type: Cisco Security Advisory cisco-sa-dnsmasq-dns-2021-c5mrdf3g
Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021

Source: CCN
Type: ICSA-21-019-02
Dnsmasq by Simon Kelley

Source: DEBIAN
Type: Third Party Advisory
DSA-4844

Source: CCN
Type: JSOF web site
DNSpooq - Kaminsky attack is back!

Source: MISC
Type: Third Party Advisory
https://www.jsof-tech.com/disclosures/dnspooq/

Source: CCN
Type: WhiteSource Vulnerability Database
CVE-2020-25682

Vulnerable Configuration:

Configuration 1:
  • cpe:/a:thekelleys:dnsmasq:*:*:*:*:*:*:*:* (Version < 2.83)

Configuration 2:
  • cpe:/o:fedoraproject:fedora:32:*:*:*:*:*:*:*
  • OR cpe:/o:fedoraproject:fedora:33:*:*:*:*:*:*:*

Configuration 3:
  • cpe:/o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • OR cpe:/o:debian:debian_linux:10.0:*:*:*:*:*:*:*

Configuration RedHat 1:
  • cpe:/a:redhat:enterprise_linux:8:*:*:*:*:*:*:*

Configuration RedHat 2:
  • cpe:/a:redhat:enterprise_linux:8::appstream:*:*:*:*:*

Configuration CCN 1:
  • cpe:/a:thekelleys:dnsmasq:2.80:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.82:*:*:*:*:*:*:*
  • OR cpe:/a:thekelleys:dnsmasq:2.81:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:

Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:7484 | P | dnsmasq-2.86-150400.14.3 on GA media (Moderate) | 2023-06-12
oval:org.opensuse.security:def:51564 | P | Security update for kubevirt stack (Important) | 2022-11-21
oval:org.opensuse.security:def:3233 | P | libpng12-0-1.2.50-19.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:3410 | P | xscreensaver-5.22-7.1 on GA media (Moderate) | 2022-06-28
oval:org.opensuse.security:def:2909 | P | dnsmasq-2.86-150400.14.3 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94539 | P | dnsmasq-2.86-150400.14.3 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:94522 | P | coreutils-8.32-150400.7.5 on GA media (Moderate) | 2022-06-22
oval:org.opensuse.security:def:45 | P | dnsmasq-2.78-7.6.1 on GA media (Moderate) | 2022-06-13
oval:org.opensuse.security:def:95237 | P | Security update for postgresql14 (Important) | 2022-06-01
oval:org.opensuse.security:def:101950 | P | Security update for the Linux Kernel (Live Patch 15 for SLE 15 SP3) (Important) | 2022-03-30
oval:org.opensuse.security:def:974 | P | Security update for openssl-1_1 (Important) | 2022-03-16
oval:org.opensuse.security:def:62063 | P | dnsmasq-2.78-7.6.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:100821 | P | dnsmasq-2.78-7.6.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:71804 | P | dnsmasq-2.78-7.6.1 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:101235 | P | sane-backends-1.0.32-6.6.2 on GA media (Moderate) | 2021-08-09
oval:org.opensuse.security:def:111051 | P | Security update for dnsmasq (Important) | 2021-01-20
oval:org.opensuse.security:def:110649 | P | Security update for dnsmasq (Important) | 2021-01-20
oval:org.opensuse.security:def:32096 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:60259 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:23576 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:55826 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:89389 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:107901 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:44557 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:85641 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:com.redhat.rhsa:def:20210150 | P | RHSA-2021:0150: dnsmasq security update (Important) | 2021-01-19
oval:org.opensuse.security:def:9325 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:34436 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:66489 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:126707 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:30003 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:58744 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:41275 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:51892 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:88120 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:73621 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:83210 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:5400 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:90471 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:32921 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:23904 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:57000 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:97436 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:108616 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:45705 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:86088 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:96947 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:10079 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:81075 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:66778 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:127104 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:31177 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:59476 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:21393 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:54738 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:88433 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:104126 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:75557 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:84144 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:5689 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:91196 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:33653 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:64322 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:117416 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:28915 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:57447 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:98161 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:38127 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:51141 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:86560 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:96951 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:82122 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:69465 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:31624 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:59734 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:23153 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:55189 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:89131 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:104851 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:75846 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:84602 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:8580 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:33911 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:64499 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:125537 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:29366 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:57919 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:40127 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:87385 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:73444 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:82573 | P | Security update for dnsmasq (Important) | 2021-01-19
oval:org.opensuse.security:def:70219 | P | Security update for dnsmasq (Important) | 2021-01-19

    thekelleys dnsmasq *
    fedoraproject fedora 32
    fedoraproject fedora 33
    debian debian linux 9.0
    debian debian linux 10.0
    thekelleys dnsmasq 2.80
    thekelleys dnsmasq 2.82
    thekelleys dnsmasq 2.81