CVE-2020-25687

Name	CVE-2020-25687
Description	A flaw was found in dnsmasq before version 2.83. A heap-based buffer overflow was discovered in dnsmasq when DNSSEC is enabled and before it validates the received DNS entries. This flaw allows a remote attacker, who can create valid DNS replies, to cause an overflow in a heap-allocated memory. This flaw is caused by the lack of length checks in rfc1035.c:extract_name(), which could be abused to make the code execute memcpy() with a negative size in sort_rrset() and cause a crash in dnsmasq, resulting in a denial of service. The highest threat from this vulnerability is to system availability.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-2604-1, DSA-4844-1, ELA-389-1

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
dnsmasq (PTS)	jessie, jessie (lts)	2.72-3+deb8u7	fixed
	stretch (security)	2.76-5+deb9u3	fixed
	stretch (lts), stretch	2.76-5+deb9u4	fixed
	buster, buster (lts)	2.80-1+deb10u2	fixed
	buster (security)	2.80-1+deb10u1	fixed
	bullseye	2.85-1	fixed
	bookworm	2.89-1	fixed
	sid, trixie	2.90-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin
dnsmasq	source	jessie	2.72-3+deb8u6	ELA-389-1
dnsmasq	source	stretch	2.76-5+deb9u3	DLA-2604-1
dnsmasq	source	buster	2.80-1+deb10u1	DSA-4844-1
dnsmasq	source	(unstable)	2.83-1

Notes

https://www.openwall.com/lists/oss-security/2021/01/19/1
https://thekelleys.org.uk/gitweb/?p=dnsmasq.git;a=commit;h=4e96a4be685c9e4445f6ee79ad0b36b9119b502a