{ "threat_severity" : "Moderate", "public_date" : "2021-01-19T00:00:00Z", "bugzilla" : { "description" : "dnsmasq: heap-based buffer overflow with large memcpy in sort_rrset() when DNSSEC is enabled", "id" : "1891568", "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=1891568" }, "cvss3" : { "cvss3_base_score" : "5.9", "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H", "status" : "verified" }, "cwe" : "CWE-122", "details" : [ "A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.", "A flaw was found in dnsmasq. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability." ], "statement" : "This issue does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 as they are not compiled with DNSSEC support.", "acknowledgement" : "Red Hat would like to thank Moshe Kol (JSOF) and Shlomi Oberman (JSOF) for reporting this issue.", "affected_release" : [ { "product_name" : "Red Hat Enterprise Linux 8", "release_date" : "2021-01-19T00:00:00Z", "advisory" : "RHSA-2021:0150", "cpe" : "cpe:/a:redhat:enterprise_linux:8", "package" : "dnsmasq-0:2.79-13.el8_3.1" }, { "product_name" : "Red Hat Enterprise Linux 8.1 Extended Update Support", "release_date" : "2021-01-19T00:00:00Z", "advisory" : "RHSA-2021:0152", "cpe" : "cpe:/a:redhat:rhel_eus:8.1", "package" : "dnsmasq-0:2.79-6.el8_1.1" }, { "product_name" : "Red Hat Enterprise Linux 8.2 Extended Update Support", "release_date" : "2021-01-19T00:00:00Z", "advisory" : "RHSA-2021:0151", "cpe" : "cpe:/a:redhat:rhel_eus:8.2", "package" : "dnsmasq-0:2.79-11.el8_2.2" } ], "package_state" : [ { "product_name" : "Red Hat Enterprise Linux 5", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/o:redhat:enterprise_linux:5" }, { "product_name" : "Red Hat Enterprise Linux 6", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/o:redhat:enterprise_linux:6" }, { "product_name" : "Red Hat Enterprise Linux 7", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/o:redhat:enterprise_linux:7" }, { "product_name" : "Red Hat Enterprise Linux 9", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/o:redhat:enterprise_linux:9" }, { "product_name" : "Red Hat OpenStack Platform 10 (Newton)", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/a:redhat:openstack:10" }, { "product_name" : "Red Hat OpenStack Platform 13 (Queens)", "fix_state" : "Not affected", "package_name" : "dnsmasq", "cpe" : "cpe:/a:redhat:openstack:13" } ], "references" : [ "https://www.cve.org/CVERecord?id=CVE-2020-25687\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-25687\nhttps://www.jsof-tech.com/disclosures/dnspooq/" ], "csaw" : true, "name" : "CVE-2020-25687", "mitigation" : { "value" : "The only known way to mitigate this flaw is to disable DNSSEC altogether, by removing the `--dnssec` command line option or the `dnssec` option from dnsmasq configuration file.", "lang" : "en:us" } }