CVE-2020-25682

HIGH

Thekelleys Dnsmasq < 2.83 - Out-of-Bounds Write

Title source: rule
STIX 2.1

Description

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine. The flaw is in the rfc1035.c:extract_name() function, which writes data to the memory pointed by name assuming MAXDNAME*2 bytes are available in the buffer. However, in some code execution paths, it is possible extract_name() gets passed an offset from the base buffer, thus reducing, in practice, the number of available bytes that can be written in the buffer. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

References (8)

Core 8
Core References
Third Party Advisory x_refsource_misc
https://www.jsof-tech.com/disclosures/dnspooq/
Issue Tracking, Patch, Third Party Advisory x_refsource_misc
https://bugzilla.redhat.com/show_bug.cgi?id=1882014
Third Party Advisory vendor-advisory x_refsource_gentoo
https://security.gentoo.org/glsa/202101-17
Third Party Advisory vendor-advisory x_refsource_debian
https://www.debian.org/security/2021/dsa-4844
Mailing List, Third Party Advisory mailing-list x_refsource_mlist
https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html
Third Party Advisory, US Government Resource
https://www.kb.cert.org/vuls/id/434904

Scores

CVSS v3 8.1
EPSS 0.3429
EPSS Percentile 97.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-122 CWE-787
Status published
Products (5)
debian/debian_linux 9.0
debian/debian_linux 10.0
fedoraproject/fedora 32
fedoraproject/fedora 33
thekelleys/dnsmasq < 2.83
Published Jan 20, 2021
Tracked Since Feb 18, 2026