What is CVE-2020-25681?

CVE-2020-25681 is a vulnerability in Dnsmasq, classified under Heap-based Buffer Overflow. Published 2021-01-20.

Is CVE-2020-25681 known to be exploited?

7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Dnsmasq

CVE-2020-25681

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accep…

Vulnerability class: Buffer Overflow

EPSS: 0.813 (99.6th percentile) — read the EPSS interpretation.

Affected products

N/a Dnsmasq — versions dnsmasq 2.83

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

Public proof-of-concept exploits

References

www.jsof-tech.com/disclosures/dnspooq/ (x_refsource_MISC)
bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
FEDORA-2021-84440e87ba (vendor-advisory, x_refsource_FEDORA)
GLSA-202101-17 (vendor-advisory, x_refsource_GENTOO)
DSA-4844 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2021-2e4c3d5a9d (vendor-advisory, x_refsource_FEDORA)
[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2020-25681?: CVE-2020-25681 is a vulnerability in Dnsmasq, classified under Heap-based Buffer Overflow. Published 2021-01-20.
Is CVE-2020-25681 known to be exploited?: 7 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.