CVE-2020-25681 — Vulnetix

Try Vulnetix Request Demo

CVE-2020-25681 PUBLISHED

A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in the way RRSets are sorted before validating with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause a buffer overflow with arbitrary data in a heap memory segment, possibly executing code on the machine. The highest threat from this vulnerability is to data confidentiality and integrity as well as system availability.

EPSS 45.36% · 97.6th percentile

Risk Scores

EPSS Score

45.36%

97.6th percentile

Affected Products

Vendor	Product	Versions
Ubuntu:16.04:LTS	dnsmasq	2.75-1ubuntu0.16.04.2, 0, 2.75-1
Ubuntu:18.04:LTS	dnsmasq	0, 2.78-1, 2.78-3
Ubuntu:20.04:LTS	dnsmasq	2.80-1.1ubuntu1, 2.80-1ubuntu4, 2.80-1ubuntu2

Timeline

Jan 18, 2021 CVE Published
Jan 20, 2021 PoC Published
Apr 14, 2021 EPSS Score
Jan 6, 2022 EPSS Score
Feb 4, 2022 EPSS Score
Apr 1, 2022 EPSS Score
Mar 7, 2023 EPSS Score
Oct 6, 2023 EPSS Score
Nov 6, 2023 CVE Updated
Nov 8, 2023 EPSS Score
Nov 9, 2024 EPSS Score
Nov 24, 2024 EPSS Score

References

https://ubuntu.com/security/CVE-2020-25681 third-party-advisory
https://www.jsof-tech.com/disclosures/dnspooq/ third-party-advisory
http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html third-party-advisory
https://ubuntu.com/security/notices/USN-4698-1 vendor-advisory
https://www.cve.org/CVERecord?id=CVE-2020-25681 third-party-advisory

Open in Interactive Console →