PT-2021-3538 · Dnsmasq+6 · Dnsmasq+6

Published

2021-01-19

·

Updated

2024-06-15

·

CVE-2020-25683

CVSS v2.0

7.1

High

VectorAV:N/AC:M/Au:N/C:N/I:N/A:C
Name of the Vulnerable Software and Affected Versions dnsmasq versions prior to 2.83
Description A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled. This issue is caused by the lack of length checks in the extract name() function, which could be abused to make the code execute memcpy() with a negative size in get rdata() and cause a crash in dnsmasq, resulting in a denial of service. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. The highest threat from this issue is to system availability.
Recommendations For versions prior to 2.83, update to version 2.83 or later to resolve the issue. As a temporary workaround, consider disabling DNSSEC until a patch is available. Restrict access to the extract name() function in rfc1035.c to minimize the risk of exploitation. Avoid using the get rdata() function with unvalidated input until the issue is resolved.

Fix

DoS

Heap Based Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-122

Related Identifiers

ALT-PU-2021-1126
ALT-PU-2021-1167
ALT-PU-2021-1217
BDU:2021-03622
CESA-2021_0150
CVE-2020-25683
DLA-2604-1
DSA-4844-1
MGASA-2021-0059
OESA-2021-1001
OPENSUSE-SU-2021:0124-1
OPENSUSE-SU-2021:0129-1
OPENSUSE-SU-2021_0124-1
OPENSUSE-SU-2021_0129-1
OPENSUSE-SU-2024:10721-1
RHSA-2021:0150
RHSA-2021:0151
RHSA-2021:0152
RHSA-2021_0150
SUSE-SU-2021:0162-1
SUSE-SU-2021:0163-1
SUSE-SU-2021:0166-1
SUSE-SU-2021:14603-1
SUSE-SU-2021:14604-1
SUSE-SU-2021_14603-1
USN-4698-1
USN-4698-2

Affected Products

Alt Linux
Centos
Linuxmint
Red Hat
Suse
Ubuntu
Dnsmasq