---

CVE-2020-25681 - log back

CVE-2020-25681 edited at 19 Jan 2021 12:55:36
Severity	- Unknown + High
Remote	- Unknown + Remote
Type	- Unknown + Arbitrary code execution
Description	+ A heap-based buffer overflow was discovered in dnsmasq before version 2.83 in the way it sorts RRSets before validating them with DNSSEC data. An attacker on the network, who can forge DNS replies such as that they are accepted as valid, could use this flaw to cause an overflow with arbitrary data in a heap-allocated memory, possibly executing code on the machine.
References	+ https://www.openwall.com/lists/oss-security/2021/01/19/1 + https://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html + https://www.jsof-tech.com/disclosures/dnspooq/ + https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commitdiff;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a
Notes

CVE-2020-25681 created at 19 Jan 2021 12:52:46