CVE-2020-25687

NameCVE-2020-25687
DescriptionA flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
ReferencesDSA-4844-1
NVD severityhigh

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
dnsmasq (PTS)stretch2.76-5+deb9u2vulnerable
stretch (security)2.76-5+deb9u1vulnerable
buster2.80-1vulnerable
buster (security)2.80-1+deb10u1fixed
bullseye, sid2.84-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
dnsmasqsourcebuster2.80-1+deb10u1DSA-4844-1
dnsmasqsource(unstable)2.83-1

Notes

https://www.openwall.com/lists/oss-security/2021/01/19/1
http://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a

Search for package or bug name: Reporting problems