PT-2021-2208 · Dnsmasq+6 · Dnsmasq+6

Moshe Kol

Published

2021-01-19

Updated

2024-06-15

CVE-2020-25681

CVSS v2.0

9.3

High

Vector

AV:N/AC:M/Au:N/C:C/I:C/A:C

Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.83

Description A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Recommendations For versions prior to 2.83, update to version 2.83 or later to resolve the issue. As a temporary workaround, consider restricting access to the DNS server to minimize the risk of exploitation. Avoid using the sort rrset() function in the dnssec.c file until a patch is available.

Fix

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

ALT-PU-2021-1126

ALT-PU-2021-1167

ALT-PU-2021-1217

BDU:2021-01117

CESA-2021_0150

CVE-2020-25681

DLA-2604-1

DSA-4844-1

MGASA-2021-0059

OESA-2021-1001

OPENSUSE-SU-2021:0124-1

OPENSUSE-SU-2021:0129-1

OPENSUSE-SU-2021_0124-1

OPENSUSE-SU-2021_0129-1

OPENSUSE-SU-2024:10721-1

RHSA-2021:0150

RHSA-2021:0151

RHSA-2021:0152

RHSA-2021_0150

SUSE-SU-2021:0162-1

SUSE-SU-2021:0163-1

SUSE-SU-2021:0166-1

SUSE-SU-2021:14603-1

SUSE-SU-2021:14604-1

SUSE-SU-2021_0162-1

SUSE-SU-2021_0163-1

SUSE-SU-2021_0166-1

SUSE-SU-2021_14603-1

USN-4698-1

USN-4698-2

Affected Products

Alt Linux

Centos

Linuxmint

Red Hat

Suse

Ubuntu

Dnsmasq

PT-2021-2208 · Dnsmasq+6 · Dnsmasq+6

CVE-2020-25681

Weakness Enumeration

Related Identifiers

Affected Products

References · 97