CVE-2020-25681

CVE	CVE-2020-25681
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2021-01-20 17:15:00 UTC
Updated	2023-11-07 03:20:00 UTC
Description	A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

Problem Types: CWE-122

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Debian	Debian Linux	9.0	All	All	All
Operating System	Debian	Debian Linux	10.0	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Operating System	Fedoraproject	Fedora	32	All	All	All
Operating System	Fedoraproject	Fedora	33	All	All	All
Application	Thekelleys	Dnsmasq	All	All	All	All
Application	Thekelleys	Dnsmasq	All	All	All	All

Reference	Source	Link	Tags
[SECURITY] Fedora 33 Update: dnsmasq-2.83-1.fc33 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
[SECURITY] [DLA 2604-1] dnsmasq security update	MLIST	lists.debian.org
[SECURITY] Fedora 32 Update: dnsmasq-2.84-1.fc32 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org	Mailing List, Third Party Advisory
1881875 – (CVE-2020-25681) CVE-2020-25681 dnsmasq: heap-based buffer overflow in sort_rrset() when DNSSEC is enabled	MISC	bugzilla.redhat.com	Issue Tracking, Patch, Third Party Advisory
[SECURITY] Fedora 33 Update: dnsmasq-2.83-1.fc33 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
[SECURITY] Fedora 32 Update: dnsmasq-2.84-1.fc32 - package-announce - Fedora Mailing-Lists		lists.fedoraproject.org
Dnsmasq: Multiple vulnerabilities (GLSA 202101-17) — Gentoo security	GENTOO	security.gentoo.org	Third Party Advisory
DNSPOOQ - JSOF	MISC	www.jsof-tech.com	Third Party Advisory
Debian -- Security Information -- DSA-4844-1 dnsmasq	DEBIAN	www.debian.org	Third Party Advisory
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

161048 Oracle Enterprise Linux Security Update for dnsmasq (ELSA-2023-12972)
161049 Oracle Enterprise Linux Security Update for dnsmasq (ELSA-2023-12971)
178499 Debian Security Update for dnsmasq (DLA 2604-1)
296069 Oracle Solaris 11.4 Support Repository Update (SRU) 31.88.5 Missing (CPUJAN2021)
377140 Alibaba Cloud Linux Security Update for dnsmasq (ALINUX3-SA-2021:0009)
500150 Alpine Linux Security Update for dnsmasq
503800 Alpine Linux Security Update for dnsmasq
670173 EulerOS Security Update for dnsmasq (EulerOS-SA-2021-1673)
690442 Free Berkeley Software Distribution (FreeBSD) Security Update for dnsmasq (5b5cf6e5-5b51-11eb-95ac-7f9491278677)
750407 OpenSUSE Security Update for dnsmasq (openSUSE-SU-2021:0129-1)
750409 OpenSUSE Security Update for dnsmasq (openSUSE-SU-2021:0124-1)
900068 CBL-Mariner Linux Security Update for dnsmasq 2.79
903216 Common Base Linux Mariner (CBL-Mariner) Security Update for dnsmasq (3813)
940396 AlmaLinux Security Update for dnsmasq (ALSA-2021:0150)