Описание
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
Отчет
This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.
Меры по смягчению последствий
The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the --dnssec command line option or the dnssec option from dnsmasq configuration file.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Red Hat Enterprise Linux 5 | dnsmasq | Not affected | ||
| Red Hat Enterprise Linux 6 | dnsmasq | Not affected | ||
| Red Hat Enterprise Linux 7 | dnsmasq | Not affected | ||
| Red Hat Enterprise Linux 9 | dnsmasq | Not affected | ||
| Red Hat OpenStack Platform 10 (Newton) | dnsmasq | Not affected | ||
| Red Hat OpenStack Platform 13 (Queens) | dnsmasq | Not affected | ||
| Red Hat Enterprise Linux 8 | dnsmasq | Fixed | RHSA-2021:0150 | 19.01.2021 |
| Red Hat Enterprise Linux 8.1 Extended Update Support | dnsmasq | Fixed | RHSA-2021:0152 | 19.01.2021 |
| Red Hat Enterprise Linux 8.2 Extended Update Support | dnsmasq | Fixed | RHSA-2021:0151 | 19.01.2021 |
Показывать по
Дополнительная информация
Статус:
EPSS
8.1 High
CVSS3
Связанные уязвимости
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
A flaw was found in dnsmasq before version 2.83. A heap-based buffer o ...
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
EPSS
8.1 High
CVSS3