Your submission was sent successfully! Close

You have successfully unsubscribed! Close

Thank you for signing up for our newsletter!
In these regular emails you will find the latest updates about Ubuntu and upcoming events where you can meet our team.Close

CVE-2020-25686

Publication date 19 January 2021

Last updated 24 July 2024


Ubuntu priority

Cvss 3 Severity Score

3.7 · Low

Score breakdown

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the "Birthday Attacks" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.

Status

Package Ubuntu Release Status
dnsmasq 24.04 LTS noble
Fixed 2.82-1ubuntu2
23.10 mantic
Fixed 2.82-1ubuntu2
23.04 lunar
Fixed 2.82-1ubuntu2
22.10 kinetic
Fixed 2.82-1ubuntu2
22.04 LTS jammy
Fixed 2.82-1ubuntu2
21.10 impish
Fixed 2.82-1ubuntu2
21.04 hirsute
Fixed 2.82-1ubuntu2
20.10 groovy
Fixed 2.82-1ubuntu1.1
20.04 LTS focal
Fixed 2.80-1.1ubuntu1.2
18.04 LTS bionic
Fixed 2.79-1ubuntu0.2
16.04 LTS xenial
Fixed 2.75-1ubuntu0.16.04.7
14.04 LTS trusty
Needs evaluation

Severity score breakdown

Parameter Value
Base score 3.7 · Low
Attack vector Network
Attack complexity High
Privileges required None
User interaction None
Scope Unchanged
Confidentiality None
Integrity impact Low
Availability impact None
Vector CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N