What is CVE-2020-25687?

CVE-2020-25687 is a vulnerability in Dnsmasq, classified under Heap-based Buffer Overflow. Published 2021-01-20.

Is CVE-2020-25687 known to be exploited?

6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Buffer overflow in Dnsmasq

CVE-2020-25687

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS r…

Vulnerability class: Buffer Overflow

EPSS: 0.868 (99.7th percentile) — read the EPSS interpretation.

Affected products

N/a Dnsmasq — versions dnsmasq 2.83

Weakness classification (CWE)

CWE-122 — Heap-based Buffer Overflow

Public proof-of-concept exploits

References

www.jsof-tech.com/disclosures/dnspooq/ (x_refsource_MISC)
bugzilla.redhat.com/show_bug.cgi (x_refsource_MISC)
FEDORA-2021-84440e87ba (vendor-advisory, x_refsource_FEDORA)
GLSA-202101-17 (vendor-advisory, x_refsource_GENTOO)
DSA-4844 (vendor-advisory, x_refsource_DEBIAN)
FEDORA-2021-2e4c3d5a9d (vendor-advisory, x_refsource_FEDORA)
[debian-lts-announce] 20210322 [SECURITY] [DLA 2604-1] dnsmasq security update (mailing-list, x_refsource_MLIST)

Frequently asked questions

What is CVE-2020-25687?: CVE-2020-25687 is a vulnerability in Dnsmasq, classified under Heap-based Buffer Overflow. Published 2021-01-20.
Is CVE-2020-25687 known to be exploited?: 6 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.