CVE-2020-25683

20.01.2021, 16:15

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	5.9 MEDIUM	NETWORK	HIGH	NONE	CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Base Score

CVSS 3.x

EPSS Score

Percentile: 96%

Affected Products (NVD)

Vendor	Product	Version
thekelleys	dnsmasq	𝑥 < 2.83
debian	debian_linux	9.0
debian	debian_linux	10.0

𝑥

= Vulnerable software versions

Debian Releases

Debian Product

Codename

dnsmasq

bookworm	2.89-1 fixed
bullseye	2.85-1 fixed
sid	2.90-4 fixed
trixie	2.90-4 fixed

Ubuntu Releases

Ubuntu Product

Codename

dnsmasq

bionic	Fixed 2.79-1ubuntu0.2 released
focal	Fixed 2.80-1.1ubuntu1.2 released
groovy	Fixed 2.82-1ubuntu1.1 released
hirsute	Fixed 2.82-1ubuntu2 released
impish	Fixed 2.82-1ubuntu2 released
jammy	Fixed 2.82-1ubuntu2 released
kinetic	Fixed 2.82-1ubuntu2 released
lunar	Fixed 2.82-1ubuntu2 released
mantic	Fixed 2.82-1ubuntu2 released
noble	Fixed 2.82-1ubuntu2 released
trusty	needs-triage
xenial	Fixed 2.75-1ubuntu0.16.04.7 released

Red Hat Enterprise Linux Releases

Red Hat Product

Release

dnsmasq

RHEL 8	0:2.79-13.el8_3.1 fixed
RHEL 8.1 E4S	0:2.79-6.el8_1.1 fixed
RHEL 8.1 EUS	0:2.79-6.el8_1.1 fixed
RHEL 8.2 AUS	0:2.79-11.el8_2.2 fixed
RHEL 8.2 E4S	0:2.79-11.el8_2.2 fixed
RHEL 8.2 EUS	0:2.79-11.el8_2.2 fixed
RHEL 8.2 TUS	0:2.79-11.el8_2.2 fixed

dnsmasq-utils

RHEL 8	0:2.79-13.el8_3.1 fixed
RHEL 8.1 E4S	0:2.79-6.el8_1.1 fixed
RHEL 8.1 EUS	0:2.79-6.el8_1.1 fixed
RHEL 8.2 AUS	0:2.79-11.el8_2.2 fixed
RHEL 8.2 E4S	0:2.79-11.el8_2.2 fixed
RHEL 8.2 EUS	0:2.79-11.el8_2.2 fixed
RHEL 8.2 TUS	0:2.79-11.el8_2.2 fixed

Common Weakness Enumeration

CWE-122 - Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

References

https://bugzilla.redhat.com/show_bug.cgi?id=1882018

https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/

https://security.gentoo.org/glsa/202101-17

https://www.debian.org/security/2021/dsa-4844

https://www.jsof-tech.com/disclosures/dnspooq/

https://bugzilla.redhat.com/show_bug.cgi?id=1882018

https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/

https://security.gentoo.org/glsa/202101-17

https://www.debian.org/security/2021/dsa-4844

https://www.jsof-tech.com/disclosures/dnspooq/

https://www.kb.cert.org/vuls/id/434904