Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

nvd логотип

CVE-2020-25687

Опубликовано: 20 янв. 2021
Источник: nvd
CVSS3: 5.9
CVSS2: 7.1
EPSS Средний

Описание

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

Ссылки

Уязвимые конфигурации

Конфигурация 1
cpe:2.3:a:thekelleys:dnsmasq:*:*:*:*:*:*:*:*
Версия до 2.83 (исключая)
Конфигурация 2

Одно из

cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:33:*:*:*:*:*:*:*
Конфигурация 3

Одно из

cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*

EPSS

Процентиль: 96%
0.22341
Средний

5.9 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-122

Связанные уязвимости

ubuntu логотип

CVE-2020-25687

CVSS3: 5.9
ubuntu
больше 4 лет назад

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

redhat логотип

CVE-2020-25687

CVSS3: 5.9
redhat
больше 4 лет назад

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

msrc логотип

CVE-2020-25687

CVSS3: 5.9
msrc
больше 4 лет назад

Описание отсутствует

debian логотип

CVE-2020-25687

CVSS3: 5.9
debian
больше 4 лет назад

A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...

github логотип

GHSA-rv27-69cw-6j7x

github
больше 3 лет назад

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.

EPSS

Процентиль: 96%
0.22341
Средний

5.9 Medium

CVSS3

7.1 High

CVSS2

Дефекты

CWE-122