What is CVE-2020-25682?

CVE-2020-25682 is a vulnerability in Dnsmasq, classified under Heap-based Buffer Overflow. Published 2021-01-20.

Is CVE-2020-25682 known to be exploited?

5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Dnsmasq

CVE-2020-25682

A flaw was found in dnsmasq before 2.83. A buffer overflow vulnerability was discovered in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data. An attacker on the network, who can create valid DNS replies…

Vulnerability class: Buffer Overflow

EPSS: 0.710 (99.3th percentile) — read the EPSS interpretation.

Affected products

N/a Dnsmasq — versions dnsmasq 2.83

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

Public proof-of-concept exploits

References

www.jsof-tech.com/disclosures/dnspooq/ (x_refsource_MISC)
bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
FEDORA-2021-84440e87ba (vendor-advisory, x_refsource_FEDORA)
GLSA-202101-17 (vendor-advisory, x_refsource_GENTOO)
DSA-4844 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2021-2e4c3d5a9d (vendor-advisory, x_refsource_FEDORA)
[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2020-25682?: CVE-2020-25682 is a vulnerability in Dnsmasq, classified under Heap-based Buffer Overflow. Published 2021-01-20.
Is CVE-2020-25682 known to be exploited?: 5 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.