Vulnerability Details : CVE-2020-25681
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Vulnerability category: Overflow
Products affected by CVE-2020-25681
- cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
- cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
- cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*
Threat overview for CVE-2020-25681
Top countries where our scanners detected CVE-2020-25681
Top open port discovered on systems with this issue
53
IPs affected by CVE-2020-25681 1,048,819
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2020-25681!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2020-25681
15.94%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 95 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2020-25681
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
8.3
|
HIGH | AV:N/AC:M/Au:N/C:P/I:P/A:C |
8.6
|
8.5
|
NIST | |
8.1
|
HIGH | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H |
2.2
|
5.9
|
NIST |
CWE ids for CVE-2020-25681
-
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().Assigned by: secalert@redhat.com (Primary)
References for CVE-2020-25681
-
https://bugzilla.redhat.com/show_bug.cgi?id=1881875
1881875 – (CVE-2020-25681) CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabledIssue Tracking;Patch;Third Party Advisory
-
https://www.jsof-tech.com/disclosures/dnspooq/
DNSPOOQ - JSOFThird Party Advisory
-
https://security.gentoo.org/glsa/202101-17
Dnsmasq: Multiple vulnerabilities (GLSA 202101-17) — Gentoo securityThird Party Advisory
-
https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html
[SECURITY] [DLA 2604-1] dnsmasq security updateMailing List;Third Party Advisory
-
https://www.debian.org/security/2021/dsa-4844
Debian -- Security Information -- DSA-4844-1 dnsmasqThird Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/
[SECURITY] Fedora 32 Update: dnsmasq-2.84-1.fc32 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
-
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/
[SECURITY] Fedora 33 Update: dnsmasq-2.83-1.fc33 - package-announce - Fedora Mailing-ListsMailing List;Third Party Advisory
Jump to