CVE-2020-25683
In short
A flaw in dnsmasq allows remote attackers to crash the service by sending specially crafted DNS replies when DNSSEC is enabled. This happens because the software doesn't properly check the length of data before copying it in memory, leading to a crash that prevents DNS lookups from working.
Technical detail
A heap-based buffer overflow exists in dnsmasq's rfc1035.c extract_name() function due to missing length validation. An unauthenticated remote attacker can exploit this by sending malformed DNS responses when DNSSEC validation is active, triggering memcpy() with invalid size parameters and causing denial of service through process termination.
Summary generated and translated by AI from the official description.
A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. A remote attacker, who can create valid DNS replies, could use this flaw to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in get_rdata() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
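The failure mode named in the description, a copy length that goes negative because an earlier parsing step was not bounds-checked, is shown below as an added illustration. It is constructed for this page and is not dnsmasq source; the function names, the `start`/`cursor`/`end` pointers and the sample buffers are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Constructed illustration, NOT dnsmasq source. "cursor" is where a
   name-parsing step left off; "end" is one past the record's data. */

/* Unchecked: returns the size a later memcpy() would be handed. If parsing
   moved past "end", the signed difference is negative and the conversion
   to size_t turns it into an enormous length. */
size_t unchecked_copy_len(const unsigned char *cursor, const unsigned char *end)
{
    ptrdiff_t remaining = end - cursor;   /* negative when cursor > end */
    return (size_t)remaining;             /* -3 becomes SIZE_MAX - 2 */
}

/* Checked: validates the cursor against the record bounds and the
   destination size before copying. Returns bytes copied, or -1. */
ptrdiff_t checked_copy(unsigned char *dst, size_t dst_size,
                       const unsigned char *start,
                       const unsigned char *cursor,
                       const unsigned char *end)
{
    if (cursor < start || cursor > end)
        return -1;                        /* parser ran outside the record */
    size_t remaining = (size_t)(end - cursor);
    if (remaining > dst_size)
        return -1;                        /* would overflow the destination */
    memcpy(dst, cursor, remaining);
    return (ptrdiff_t)remaining;
}

int main(void)
{
    unsigned char packet[16] = {0};       /* constructed sample bytes */
    unsigned char dst[8];
    const unsigned char *end = packet + 8;    /* record is 8 bytes long */
    const unsigned char *bad = packet + 11;   /* cursor 3 bytes past end */

    printf("unchecked length: %zu\n", unchecked_copy_len(bad, end));
    printf("checked, bad cursor: %td\n",
           checked_copy(dst, sizeof dst, packet, bad, end));
    printf("checked, good cursor: %td\n",
           checked_copy(dst, sizeof dst, packet, packet + 5, end));
    return 0;
}
```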
Affected products
n/a · dnsmasq
References
https://bugzilla.redhat.com/show_bug.cgi?id=1882018
https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/QGB7HL3OWHTLEPSMLDGOMXQKG3KM2QME/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WYW3IR6APUSKOYKL5FT3ACTIHWHGQY32/
https://security.gentoo.org/glsa/202101-17
https://www.debian.org/security/2021/dsa-4844
https://www.jsof-tech.com/disclosures/dnspooq/
https://www.kb.cert.org/vuls/id/434904