VDB
CVE-2020-25681
CVE-2020-25681
PUBLISHED
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.
EPSS 45.36% · 97.7th percentile
Risk Scores
EPSS Score
45.36%
97.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | dnsmasq | 0, 2.75-1, 2.75-1ubuntu0.16.04.1 |
| Ubuntu:18.04:LTS | dnsmasq | 0, 2.78-1, 2.78-3 |
| Ubuntu:20.04:LTS | dnsmasq | 0, 2.80-1ubuntu2, 2.80-1ubuntu4 |
Exploit Intelligence
- nuliljj/kimocoder-CVE-2020-25681 (github-poc-repo)
- nuliljj/kimocoder-CVE-2020-25681 (github-poc-repo)
- nuliljj/kimocoder-CVE-2020-25681 (github-poc-repo)
- nuliljj/kimocoder-CVE-2020-25681 (github-poc-repo)
- nuliljj/kimocoder-CVE-2020-25681 (github-poc-repo)
- nuliljj/kimocoder-CVE-2020-25681 (github-poc-repo)
- nuliljj/kimocoder-CVE-2020-25681 (github-poc-repo)
- nuliljj/kimocoder-CVE-2020-25681 (github-poc-repo)
- nuliljj/CVE-2020-25681 (github-poc-repo)
- nuliljj/CVE-2020-25681 (github-poc-repo)
…and 29 more exploits
Timeline
- Jan 18, 2021 CVE Published
- Jan 20, 2021 PoC Published
- Apr 14, 2021 EPSS Score
- Jan 6, 2022 EPSS Score
- Feb 4, 2022 EPSS Score
- Apr 1, 2022 EPSS Score
- Mar 7, 2023 EPSS Score
- Oct 6, 2023 EPSS Score
- Nov 6, 2023 CVE Updated
- Nov 8, 2023 EPSS Score
- Nov 9, 2024 EPSS Score
- Nov 24, 2024 EPSS Score
References
- https://ubuntu.com/security/CVE-2020-25681 third-party-advisory
- https://www.jsof-tech.com/disclosures/dnspooq/ third-party-advisory
- http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html third-party-advisory
- https://ubuntu.com/security/notices/USN-4698-1 vendor-advisory
- https://www.cve.org/CVERecord?id=CVE-2020-25681 third-party-advisory