CVE-2020-25686 - log back

CVE-2020-25686 edited at 19 Jan 2021 13:02:30
- Unknown
+ Medium
- Unknown
+ Remote
- Unknown
+ Insufficient validation
+ A flaw was found when receiving a query, where dnsmasq before version 2.83 does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that would have to be performed to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced.
CVE-2020-25686 created at 19 Jan 2021 12:52:46