Executive Summary

Informations
Name CVE-2020-25686 First vendor Publication 2021-01-20
Vendor Cve Last vendor Modification 2024-11-21

Security-Database Scoring CVSS v3

Cvss vector : CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N
Overall CVSS Score 3.7
Base Score 3.7 Environmental Score 3.7
impact SubScore 1.4 Temporal Score 3.7
Exploitabality Sub Score 2.2
 
Attack Vector Network Attack Complexity High
Privileges Required None User Interaction None
Scope Unchanged Confidentiality Impact None
Integrity Impact Low Availability Impact None
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:N/AC:M/Au:N/C:N/I:P/A:N)
Cvss Base Score 4.3 Attack Range Network
Cvss Impact Score 2.9 Attack Complexity Medium
Cvss Expoit Score 8.6 Authentication None Required
Calculate full CVSS 2.0 Vectors scores

Detail

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

Original Source

Url : http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25686

CPE : Common Platform Enumeration

TypeDescriptionCount
Application 1
Application 77
Os 74
Os 1
Os 2

Sources (Detail)

https://bugzilla.redhat.com/show_bug.cgi?id=1890125
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://security.gentoo.org/glsa/202101-17
https://www.arista.com/en/support/advisories-notices/security-advisories/1213...
https://www.debian.org/security/2021/dsa-4844
https://www.jsof-tech.com/disclosures/dnspooq/
Source Url

Alert History

If you want to see full details history, please login or register.
0
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
Date Informations
2024-11-28 13:42:31
  • Multiple Updates
2024-04-25 02:10:06
  • Multiple Updates
2023-11-07 21:36:01
  • Multiple Updates
2023-09-06 02:03:47
  • Multiple Updates
2022-09-07 01:53:11
  • Multiple Updates
2022-02-14 21:22:35
  • Multiple Updates
2022-01-25 17:23:15
  • Multiple Updates
2021-05-04 13:50:43
  • Multiple Updates
2021-04-22 03:02:33
  • Multiple Updates
2021-03-26 12:34:04
  • Multiple Updates
2021-02-22 21:23:17
  • Multiple Updates
2021-02-20 09:22:47
  • Multiple Updates
2021-02-09 17:22:53
  • Multiple Updates
2021-02-04 21:23:22
  • Multiple Updates
2021-01-27 00:22:53
  • Multiple Updates
2021-01-26 21:23:30
  • Multiple Updates
2021-01-21 00:22:49
  • Multiple Updates
2021-01-20 21:23:24
  • First insertion