CVE-2020-25682 — Heap-based Buffer Overflow in Dnsmasq
Severity
8.1 HIGH (NVD)
EPSS
34.3%
top 3.01%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Jan 20
Latest update: May 24
Description
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extracts names from DNS packets before validating them with DNSSEC data. An attacker on the network who can create valid DNS replies could use this flaw to cause an overflow with arbitrary data in heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed to by name assuming MAXDNAME*2 bytes ar…
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H
Exploitability: 2.2 | Impact: 5.9
Affected Packages: 3 packages
Also affects: Debian Linux 10.0, 9.0, Fedora 32, 33
Patches
Vulnerability Details (5)
Vendor Advisories (5)
Cisco
Red Hat
dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (2021-01-19)
Microsoft
A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the ne (2021-01-12)
Debian
CVE-2020-25682: dnsmasq - A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was dis... (2020)
Community (1)
Bugzilla
CVE-2020-25682 dnsmasq: buffer overflow in extract_name() due to missing length check when DNSSEC is enabled (2020-09-23)