Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
certCERTVU:434904
HistoryJan 19, 2021 - 12:00 a.m.

Dnsmasq is vulnerable to memory corruption and cache poisoning

2021-01-1900:00:00
www.kb.cert.org
144

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

8.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

0.159 Low

EPSS

Percentile

95.9%

JSON

Overview

Dnsmasq is vulnerable to a set of memory corruption issues handling DNSSEC data and a second set of issues validating DNS responses. These vulnerabilities could allow an attacker to corrupt memory on a vulnerable system and perform cache poisoning attacks against a vulnerable environment.

These vulnerabilities are also tracked as ICS-VU-668462 and referred to as DNSpooq.

Description

Dnsmasq is widely used open-source software that provides DNS forwarding and caching (and also a DHCP server). Dnsmasq is common in Internet-of-Things (IoT) and other embedded devices.

JSOF reported multiple memory corruption vulnerabilities in dnsmasq due to boundary checking errors in DNSSEC handling code.

  • CVE-2020-25681: A heap-based buffer overflow in dnsmasq in the way it sorts RRSets before validating them with DNSSEC data in an unsolicited DNS response
  • CVE-2020-25682: A buffer overflow vulnerability in the way dnsmasq extract names from DNS packets before validating them with DNSSEC data
  • CVE-2020-25683: A heap-based buffer overflow in get_rdata subroutine of dnsmasq, when DNSSEC is enabled and before it validates the received DNS entries
  • CVE-2020-25687: A heap-based buffer overflow in sort_rrset subroutine of dnsmasq, when DNSSEC is enabled and before it validates the received DNS entries

JSOF also reported vulnerabilities in DNS response validation that can result in DNS cache poisoning.

  • CVE-2020-25684: Dnsmasq does not validate the combination of address/port and the query-id fields of DNS request when accepting DNS responses
  • CVE-2020-25685: Dnsmasq uses a weak hashing algorithm (CRC32) when compiled without DNSSEC to validate DNS responses
  • CVE-2020-25686: Dnsmasq does not check for an existing pending request for the same name and forwards a new request thus allowing an attacker to perform a “Birthday Attack” scenario to forge replies and potentially poison the DNS cache

Note: These cache poisoning scenarios and defenses are discussed in IETF RFC5452.

Impact

The memory corruption vulnerabilities can be triggered by a remote attacker using crafted DNS responses that can lead to denial of service, information exposure, and potentially remote code execution. The DNS response validation vulnerabilities allow an attacker to use unsolicited DNS responses to poison the DNS cache and redirect users to arbitrary sites.

Solution

Apply updates

These vulnerabilities are addressed in dnsmasq 2.83. Users of IoT and embedded devices that use dnsmasq should contact their vendors.

Follow security best-practices

Consider the following security best-practices to protect DNS infrastructure:

  • Protect your DNS clients using stateful-inspection firewall that provide DNS security (e.g., stateful firewalls and NAT devices can block unsolicited DNS responses, DNS application layer inspection can prevent forwarding of anomalous DNS packets).
  • Provide secure DNS recursion service with features such as DNSSEC validation and the interim 0x20-bit encoding as part of enterprise DNS services where applicable.
  • Prevent exposure of IoT devices and lightweight devices directly over the Internet to minimize abuse of DNS.
  • Implement a Secure By Default configuration suitable for your operating environment (e.g., disable caching on embedded IoT devices when an upstream caching resolver is available).

Acknowledgements

Moshe Kol and Shlomi Oberman of JSOF researched and reported these vulnerabilities. Simon Kelley (author of dnsmasq) worked closely with collaborative vendors (Cisco, Google, Pi-Hole, Redhat) to develop patches to address these security vulnerabilities. GitHub also supported these collaboration efforts providing support to use their GitHub Security Advisory platform for collaboration.

This document was written by Vijay Sarvepalli.

Vendor Information

434904

Filter by status: All Affected Not Affected Unknown

Filter by content: __ Additional information available

__ Sort by: Status Alphabetical

Expand all

Arista Networks Affected

Notified: 2020-09-23 Updated: 2021-01-19

Statement Date: January 04, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Check Point __ Affected

Notified: 2020-09-24 Updated: 2021-02-08

Statement Date: February 08, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

Check Point Gaia is not vulnerable.

Check Point SMB is vulnerable to CVE-2020-25686, CVE-2020-25684, CVE-2020-25685 on internal (LAN, Wi-Fi) networks. And updated firware is available at https://supportcenter.checkpoint.com/

Cisco __ Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: January 02, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

References

Cradlepoint __ Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: January 19, 2021

CVE-2020-25681 Affected
CVE-2020-25682 Affected CVE-2020-25683

Vendor Statement

Cradlepoint devices running NetCloud OS (NCOS) use dnsmasq for domain resolution, domain caching and DHCP services on the local LAN. DNS is a configurable service within NCOS therefore possible configuration states and potential impacts are listed.

Affected Components: NCOS versions up to 7.21.20

Recommendations:
Promptly test and upgrade to the latest NCOS version upon release
Disable (do not enable) DNSSEC until patched
Authenticate clients to the LAN using 802.1X
Do not configure firewall to expose DNS services (UDP port 53) on WAN interfaces

Default Configuration: DNSSEC disabled

Cradlepoint Severity: Low/Medium (dependent upon environment) **Potentially Impacted:**Local LAN users, clients and services **Potential attack path:**Local LAN Associated CVEs: CVE-2020-25684, CVE-2020-25685, CVE-2020-25686

Modified Configuration: DNSSEC enabled

Cradlepoint Severity: Medium/High (dependent upon environment) **Potentially Impacted:**Device and sub-services; Local LAN users, clients and services **Potential attack path:**Local LAN Associated CVEs: CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687

Modified Configuration: DNS services exposed on WAN

Cradlepoint Severity: Critical (dependent upon environment) **Potentially Impacted:**See above **Potential attack paths:**WAN interfaces; Local LAN Associated CVEs: See above

References

dd-wrt Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: January 11, 2021

CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Digi International __ Affected

Notified: 2020-09-24 Updated: 2021-07-20

Statement Date: July 20, 2021

CVE-2020-25681 Affected
CVE-2020-25682 Affected CVE-2020-25683

Vendor Statement

Digi International has patched this in firmware versions 21.2.X.X on all of our DAL based products, which includes: Digi AnywhereUSB Plus 2 Digi AnywhereUSB Plus 8 Digi AnywhereUSB Plus 8 WiFi Digi AnywhereUSB Plus 24 Digi AnywhereUSB Plus 24 WiFi Digi Connect EZ1 (mini) Digi Connect EZ2 Digi Connect EZ4 Digi ConnectIT4 Digi ConnectIT16 Digi ConnectIT48 Digi ConnectIT-Mini Digi EX15 Digi EX15-PR Digi EX15W Digi EX15W-PR Digi EX12 Digi EX12-PR Digi IX10 Digi IX14 Digi IX15 Digi IX20

Digi IX20-PR Digi IX20W Digi IX20W-PR Digi LR54 Digi LR54W Digi TX54-Dual-Cellular Digi TX54-Dual-Cellular-PR Digi TX54-Dual-Wi-Fi Digi TX54-Single-Cellular Digi TX54-Single-Cellular-PR Digi TX64 Digi TX64-PR Digi TX64-Rail-Single-Cellular-PR Digi VirtualDAL Digi VirtualDAL-PR AcceleratedConcepts 6350-SR AcceleratedConcepts 6355-SR AcceleratedConcepts 6330-MX AcceleratedConcepts 6335-MX AcceleratedConcepts 6310-DX AcceleratedConcepts 5400-RM AcceleratedConcepts 5401-RM AcceleratedConcepts 6300-CX

References

Fujitsu Europe __ Affected

Notified: 2020-12-15 Updated: 2021-06-02

Statement Date: May 31, 2021

CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

Fujitsu is aware of the security vulnerabilities in software dnsmasq, also known as “DNSpooq”.

Affected products are Fujitsu INTELLIEDGE, Fujitsu ServerView Services for ISM, Fujitsu SOA SysRollout Service, Fujitsu SOA Profile Management Service, Fujitsu ISM (Core) and Fujitsu FlexFrame Orchestrator (SAP). Updates are pending or already available.

The Fujitsu PSIRT has updated the state for Fujitsu PSIRT-IS-2021-011900 on https://security.ts.fujitsu.com (Security Notices) accordingly.

In case of questions regarding this Fujitsu PSIRT Security Notice, please contact the Fujitsu PSIRT ([email protected]).

Juniper Networks __ Affected

Notified: 2020-09-25 Updated: 2021-02-08

Statement Date: February 04, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

The Juniper SIRT has investigated the impact of these vulnerabilities on Juniper products. Juniper Networks Junos OS, Space, and Contrail products are unaffected by these vulnerabilities.

Juniper Mist Access Points (APs) ship with Dnsmasq and are only affected by the vulnerabilities via DNS (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686) 4.0/CVSS:3.1.

The Wi-Fi mPIM (Mini-PIM) card for SRX branch devices ship with Dnsmasq enabled by default and is reachable from the network. Only vulnerabilities (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686): 4.0/CVSS:3.1 via DNS affect this card.

Code fixes are underway for Mist and the Mini-PIM card and customers should upgrade when those fixes are available.

Security Incident Response Team Juniper Networks

NetBSD __ Affected

Notified: 2020-09-28 Updated: 2023-06-20

Statement Date: June 19, 2023

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

NetBSD does not ship dnsmasq and is not affected.

pkgsrc users, on any platform, who have elected to install net/dnsmasq may be affected, and were informed back in 2020 through the pkg-vulnerabilities database.

NETGEAR __ Affected

Notified: 2020-09-28 Updated: 2021-01-19

Statement Date: January 14, 2021

CVE-2020-25681 Affected
CVE-2020-25682 Affected CVE-2020-25683

Vendor Statement

Netgear has released fixes for multiple Dnsmasq security vulnerabilities on the following product affected models: RAX40 running firmware versions prior to v1.0.3.88 RAX35 running firmware versions prior to v1.0.3.88

NETGEAR strongly recommends that you download the latest firmware as soon as possible.

You and follow the steps mentioned in the security advisory to upgrade it to the latest version. https://kb.netgear.com/000062628/Security-Advisory-for-Multiple-Dnsmasq-Vulnerabilities-on-Some-Routers-PSV-2020-0463

Thanks, Rachit Dogra

References

OpenWRT __ Affected

Notified: 2020-09-28 Updated: 2021-01-19

Statement Date: January 19, 2021

CVE-2020-25681 Affected
Vendor Statement:
Only package dnsmasq-full, which is not installed by default, is affected.
CVE-2020-25682 Affected Vendor Statement:
Only package dnsmasq-full, which is not installed by default, is affected.
CVE-2020-25683 Affected Vendor Statement:
Only package dnsmasq-full, which is not installed by default, is affected.
CVE-2020-25684 Affected CVE-2020-25685
Only package dnsmasq-full, which is not installed by default, is affected.
CVE-2020-25686 Affected CVE-2020-25687
Only package dnsmasq-full, which is not installed by default, is affected.

Vendor Statement

OpenWrt shipps the following variants: * dnsmasq * dnsmasq-dhcpv6 * dnsmasq-full

Only dnsmasq-full has support for DNSSEC and only this variant is affected by the problems in the DNSSEC code as far as we understand them. The other problems affect all variants. The default installation contains the dnsmasq package only, but the user can install the other variants.

References

Pi-Hole Affected

Notified: 2020-10-12 Updated: 2021-01-19

Statement Date: January 11, 2021

CVE-2020-25681 Affected
CVE-2020-25682 Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Red Hat __ Affected

Notified: 2020-09-25 Updated: 2021-01-19

Statement Date: January 15, 2021

CVE-2020-25681 Affected
Vendor Statement:
This issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 8, but it does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 because they are not compiled with DNSSEC support.
References:

  • <https://access.redhat.com/security/cve/cve-2020-25681&gt;
    CVE-2020-25682| Affected Vendor Statement:
    This issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 8, but it does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 because they are not compiled with DNSSEC support.
    References:

  • <https://access.redhat.com/security/cve/cve-2020-25682&gt;
    CVE-2020-25683| Affected Vendor Statement:
    This issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 8, but it does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 because they are not compiled with DNSSEC support.
    References:

  • <https://access.redhat.com/security/cve/cve-2020-25683&gt;
    CVE-2020-25684| Affected Vendor Statement:
    This issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8. Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV) are indirectly affected as well.
    References:

  • <https://access.redhat.com/security/cve/cve-2020-25684&gt;
    CVE-2020-25685| Affected Vendor Statement:
    This issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8. Red Hat Enterprise Linux 8 provides dnsmasq compiled with DNSSEC support, thus SHA-1 is used as a hash for query names instead of CRC32, making collisions harder to find. Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV) are indirectly affected as well.
    References:

  • <https://access.redhat.com/security/cve/cve-2020-25685&gt;
    CVE-2020-25686| Affected Vendor Statement:
    This issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, 7, and 8. Red Hat OpenStack Platform (RHOSP) and Red Hat Virtualization (RHV) are indirectly affected as well.
    References:

  • <https://access.redhat.com/security/cve/cve-2020-25686&gt;
    CVE-2020-25687| Affected Vendor Statement:
    This issue affects the versions of dnsmasq as shipped with Red Hat Enterprise Linux 8, but it does not affect the versions of dnsmasq as shipped with Red Hat Enterprise Linux 5, 6, and 7 because they are not compiled with DNSSEC support.
    References:

  • <https://access.redhat.com/security/cve/cve-2020-25687&gt;

References

Siemens __ Affected

Notified: 2020-10-12 Updated: 2021-01-19

Statement Date: January 19, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

Siemens is aware of the security vulnerabilities in the Open Source component DNSmasq, as disclosed on 2021-01-19 and also known as “DNSpooq”.

The impact to Siemens products is described in the Security Advisory SSA-646763, published on the Siemens ProductCERT page (https://www.siemens.com/cert/advisories).

In case of questions regarding this Security Advisory, please contact Siemens ProductCERT ([email protected]).

References

Sierra Wireless __ Affected

Notified: 2020-09-28 Updated: 2021-01-20

Statement Date: January 20, 2021

CVE-2020-25681 Affected
CVE-2020-25682 Affected CVE-2020-25683

Vendor Statement

Sierra Wireless products are affected by some of these vulnerabilities. Please check the security bulletin linked in the reference section for details on your product. Sierra Wireless would like to thank JSOF for discovering and responsibly reporting these issues, as well as the efforts of CERT/CC for coordinating the response.

References

Sophos __ Affected

Notified: 2020-09-28 Updated: 2021-01-20

Statement Date: January 20, 2021

CVE-2020-25681 Not Affected
References:

Vendor Statement

Sophos Red devices are impacted. More information to follow

References

SUSE Linux Affected

Notified: 2020-09-28 Updated: 2021-01-19

Statement Date: January 14, 2021

CVE-2020-25681 Affected
CVE-2020-25682 Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Synology __ Affected

Notified: 2020-09-28 Updated: 2021-01-22

Statement Date: January 21, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

References

Technicolor __ Affected

Notified: 2020-09-15 Updated: 2021-01-19

Statement Date: September 29, 2020

CVE-2020-25681 Unknown
CVE-2020-25682 Affected Vendor Statement:
we confirm that dnsmaq is affected by this vulnerability. however it is very unlikely to see real world exploitation of this vulnerability. It requires dnsmasq to be configured to do DNS requests to a rogue DNS that will serve these unrelated CNAME records. Devices are configured to request ISPs DNS. Moreover, these unrelated CNAME records are not valid and cannot be configured in a regular zone file; they require custom DNS server to be served. So, if you control a custom DNS and you can configure dnsmasq to request this DNS, no need to exploit a vulnerability to poison the cache, just answer what you want. Risk level : LOW CVSS v2 : 3.6
References:

Wind River Affected

Notified: 2020-09-29 Updated: 2021-01-19

Statement Date: October 14, 2020

CVE-2020-25681 Affected
CVE-2020-25682 Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Zephyr Project __ Affected

Notified: 2020-09-29 Updated: 2021-01-19

Statement Date: October 27, 2020

CVE-2020-25681 Affected
CVE-2020-25682 Affected CVE-2020-25683

Vendor Statement

The Zephyr project consists of a core RTOS, numerous additional modules, and an extensive suite of test builds and test cases. This vulnerability does not directly affect the RTOS, or the additional modules. However, some of the test cases use the dnsmasq tool, which could render these testing environment vulnerable. In these test cases, the dnsmasq tool is used strictly by RTOS+test code running within the QEMU simulation environment. Attacks on dnsmasq could result in test failures causing a denial of service to the project (due to incorrect failures).

A10 Networks __ Not Affected

Notified: 2020-09-23 Updated: 2021-07-20

Statement Date: June 23, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

Dnsmasq is not used in current and supported A10 Networks, Inc products.

Actiontec __ Not Affected

Notified: 2020-09-23 Updated: 2021-01-19

Statement Date: January 19, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

we do not use dnsmasq in our products

Afero Not Affected

Notified: 2020-09-23 Updated: 2021-01-19

Statement Date: November 02, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Android Open Source Project __ Not Affected

Notified: 2020-09-23 Updated: 2021-01-19

Statement Date: November 23, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

While Android does have Dnsmasq code but it is used in a limited capacity and cannot be attacked or exploited in the manner described in this report.

AVM GmbH __ Not Affected

Notified: 2020-09-23 Updated: 2021-01-19

Statement Date: October 30, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683
AVM does not use dnsmasq
CVE-2020-25687 Not Affected Vendor Statement:
AVM does not use dnsmasq

Vendor Statement

AVM doesn’t use the dnsmasq project within its firmwares.

Barracuda Networks Not Affected

Notified: 2020-09-23 Updated: 2021-01-19

Statement Date: January 19, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Blackberry QNX Not Affected

Notified: 2020-09-23 Updated: 2021-01-19

Statement Date: October 30, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Brocade Communication Systems __ Not Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: November 25, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

No Brocade Fibre Channel Products from Broadcom are currently known to be affected by these vulnerabilities.

eCosCentric __ Not Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: November 25, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

Do not use/supply Dnsmasq

eero __ Not Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: January 15, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

eero products do not use the affected functionality of the affected software products, and so are unaffected by these vulnerabilities.

Espressif Systems __ Not Affected

Notified: 2020-09-24 Updated: 2021-01-20

Statement Date: January 20, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

Espressif doesn’t use dnsmasq in any product SDKs or other published software, so is not affected.

F5 Networks __ Not Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: December 05, 2020

CVE-2020-25681 Not Affected
Vendor Statement:
The package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities.
CVE-2020-25682 Not Affected Vendor Statement:
The package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities.
CVE-2020-25683 Not Affected Vendor Statement:
The package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities.
CVE-2020-25684 Not Affected Vendor Statement:
The package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities.
CVE-2020-25685 Not Affected Vendor Statement:
The package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities.
CVE-2020-25686 Not Affected Vendor Statement:
The package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities.
CVE-2020-25687 Not Affected Vendor Statement:
The package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities.

Vendor Statement

The package dnsmasq and/or associated binaries are not installed on F5 products, therefore they are not affected by these vulnerabilities.

FreeBSD __ Not Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: September 24, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

FreeBSD does not ship with dnsmasq as part of the base system. dnsmasq is available as part of the FreeBSD ports/pkg system, but the responsibility for analysis of risk lies with the administrator that chooses to install and configure dnsmasq.

F-Secure Corporation __ Not Affected

Notified: 2020-09-24 Updated: 2021-10-06

Statement Date: June 24, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

Not Affected.

Google Not Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: December 07, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

HCC Embedded Not Affected

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: November 26, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Infoblox Not Affected

Notified: 2020-09-25 Updated: 2021-01-19

Statement Date: October 16, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Intel Not Affected

Notified: 2020-09-25 Updated: 2021-01-19

Statement Date: January 19, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

LANCOM Systems GmbH __ Not Affected

Notified: 2020-09-25 Updated: 2021-01-19

Statement Date: January 14, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

LANCOM Systems products are not affected by these vulnerabilities.

lwIP __ Not Affected

Notified: 2020-09-25 Updated: 2021-01-19

Statement Date: December 04, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

lwIP does not use dnsmasq code. We’ve had similar bugs like 1 and 2 here in the past (with their own CVE), but these have been fixed quite a while ago.

Mbed TLS Not Affected

Notified: 2020-09-23 Updated: 2021-01-19

Statement Date: September 24, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

McAfee Not Affected

Notified: 2020-09-28 Updated: 2021-06-02

Statement Date: May 17, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

MikroTik __ Not Affected

Notified: 2020-09-28 Updated: 2021-01-19

Statement Date: September 29, 2020

CVE-2020-25681 Not Affected
Vendor Statement:
Dnsmasq not used in MikroTik software
CVE-2020-25682 Not Affected Vendor Statement:
Dnsmasq not used in MikroTik software
CVE-2020-25683 Not Affected Vendor Statement:
Dnsmasq not used in MikroTik software
CVE-2020-25684 Unknown CVE-2020-25685
Dnsmasq not used in MikroTik software
CVE-2020-25686 Unknown CVE-2020-25687

Vendor Statement

Dnsmasq not used in MikroTik software

Miredo __ Not Affected

Notified: 2020-09-28 Updated: 2021-01-19

Statement Date: January 19, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

dnsmasq is not used.

netsnmp Not Affected

Notified: 2020-09-28 Updated: 2021-01-19

Statement Date: October 30, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Paessler Not Affected

Notified: 2020-09-28 Updated: 2022-11-21

Statement Date: March 28, 2022

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Peplink Not Affected

Notified: 2020-09-28 Updated: 2021-10-06

Statement Date: September 16, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Pulse Secure Not Affected

Notified: 2020-09-28 Updated: 2021-02-11

Statement Date: February 10, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Rockwell Automation Not Affected

Notified: 2020-09-28 Updated: 2021-01-19

Statement Date: November 30, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Treck __ Not Affected

Notified: 2020-09-29 Updated: 2021-06-02

Statement Date: April 25, 2021

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

Treck does not use Dnsmasq.

VMware Not Affected

Notified: 2020-09-29 Updated: 2021-01-19

Statement Date: November 03, 2020

CVE-2020-25681 Not Affected
CVE-2020-25682 Not Affected CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Ceragon Networks Inc __ Unknown

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: January 18, 2021

CVE-2020-25681 Unknown
Vendor Statement:
not relevant
CVE-2020-25682 Unknown Vendor Statement:
not relevant
CVE-2020-25683 Unknown Vendor Statement:
not relevant
CVE-2020-25684 Unknown Vendor Statement:
not relevant
CVE-2020-25685 Unknown Vendor Statement:
not relevant
CVE-2020-25686 Unknown Vendor Statement:
not relevant
CVE-2020-25687 Unknown Vendor Statement:
not relevant

D-Link Systems Inc. __ Unknown

Notified: 2020-09-24 Updated: 2021-01-19

Statement Date: September 30, 2020

CVE-2020-25681 Unknown
Vendor Statement:
D-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information. D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates.
References:

  • [email protected]
    CVE-2020-25682| Unknown Vendor Statement:
    D-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information. D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates.
    References:

  • [email protected]
    CVE-2020-25683| Unknown Vendor Statement:
    D-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information. D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates.
    References:

  • [email protected]
    CVE-2020-25684| Unknown CVE-2020-25685| Unknown Vendor Statement:
    D-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information. D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates.
    References:

  • [email protected]
    CVE-2020-25686| Unknown CVE-2020-25687| Unknown

Vendor Statement

D-Link has been informed that DNSmasq, a popular caching DNS server and DHCP server, is vulnerable to DNS cache poisoning attacks. We have promptly started our investigation to determine whether D-Link routers are affected, and we will provide updates as soon as we have more information.

D-Link takes the issues of network security and user privacy very seriously. We have a dedicated task force and product management team on call to address evolving security issues and implement appropriate security measures. Please check the D-Link website for updates.

References

IBM Corporation (zseries) __ Unknown

Notified: 2020-09-25 Updated: 2021-01-19

Statement Date: September 29, 2020

CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

As a best practice for IBM Z, IBM strongly recommends that clients obtain access to the IBM Z and LinuxONE Security Portal and subscribe to the Security Portal’s automatic notification process to get access to the latest service information on security and system integrity related APARs for z/OS and z/VM.

ACCESS Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Actelis Networks Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

ADATA Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

ADTRAN Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Aerohive Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

AhnLab Inc Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

AirWatch Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Akamai Technologies Inc. Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Alcatel-Lucent Enterprise Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Allied Telesis Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Alpine Linux Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Altran Intelligent Systems Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Amazon Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

ANTlabs Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Apple Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Arch Linux Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

ARRIS Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Aruba Networks Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Aspera Inc. Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

ASUSTeK Computer Inc. Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Atheros Communications Inc Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

AT&T Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Avaya Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Belden Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Belkin Inc. Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Bell Canada Enterprises Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

BlackBerry Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

BlueCat Networks Inc. Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Blue Coat Systems Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Blunk Microsystems Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

BoringSSL Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Broadcom Unknown

Notified: 2020-09-23 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Buffalo Technology Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

BullGuard Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Cambium Networks Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

CA Technologies Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

CERT-UBIK Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Cesanta Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Cirpack Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

CMX Systems Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Comcast Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Commscope Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Contiki OS Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Cricket Wireless Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Cypress Semiconductor Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

CZ.NIC Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Debian GNU/Linux Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Dell Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Dell EMC Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Dell SecureWorks Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Deutsche Telekom Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Devicescape Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Diebold Election Systems Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

dnsmasq Unknown

Notified: 2020-09-18 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

EfficientIP Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

ENEA Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Ericsson Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

European Registry for Internet Domains Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Express Logic Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Extreme Networks Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Fastly Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Fedora Project Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

FNet Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Force10 Networks Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Fortinet Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Foundry Brocade Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

FreeRTOS Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Geexbox Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Gentoo Linux Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

GFI Software Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

GNU adns Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

GNU glibc Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Grandstream Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Green Hills Software Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Hewlett Packard Enterprise Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Hitachi Unknown

Notified: 2020-09-24 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Hitron Unknown

Notified: 2021-01-19 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Honeywell Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

HP Inc. Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

HTC Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Huawei Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

IBM Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

IBM Numa-Q Division (Formerly Sequent) Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

ICASI Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

InfoExpress Inc. Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Inmarsat Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Internet Systems Consortium Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Internet Systems Consortium - DHCP Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

INTEROP Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

IP Infusion Inc. Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

JH Software Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

JPCERT/CC Vulnerability Handling Team Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Kwikset Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Lancope Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Lantronix Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Lenovo Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

LG Electronics Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

LibreSSL Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Linksys Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

LITE-ON Technology Corporation Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

LiteSpeed Technologies Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Lynx Software Technologies Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

m0n0wall Unknown

Notified: 2020-09-25 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Marconi Inc. Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Marvell Semiconductor Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

MaxLinear Unknown

Notified: 2021-01-13 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

MediaTek Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Medtronic Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Men & Mice Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Metaswitch Networks Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Micrium Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Microchip Technology Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Micro Focus Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Microsoft Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Minim Unknown

Notified: 2021-01-19 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Mitel Networks Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Monroe Electronics Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Motorola Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Muonics Inc. Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

National Cyber Security Center Netherlands Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

National Cyber Security Centre Finland Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

NCSC-FI Vulnerability Coordinator Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

NEC Corporation Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

NetBurner Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

NetComm Wireless Limited Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

NETSCOUT Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

netsnmpj Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

NIKSUN Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Nixu Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

NLnet Labs Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Nokia Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Nominum Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

OleumTech Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

OpenConnect Ltd Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

OpenDNS Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

OpenSSL Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Openwall GNU/*/Linux Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Oracle Corporation Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Oryx Embedded Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Palo Alto Networks Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

pfSense Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Philips Electronics Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

PHPIDS Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

PowerDNS Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Proxim Inc. Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

QLogic Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

QNAP Unknown

Notified: 2020-10-08 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Quadros Systems Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Quagga Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Qualcomm Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Quantenna Communications Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Riverbed Technologies Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Roku Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Ruckus Wireless Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Ruijie Networks Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

SafeNet Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Samsung Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Samsung Mobile Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Samsung Semiconductor Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Schneider Electric Unknown

Notified: 2020-12-08 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Secure64 Software Corporation Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

SEIKO EPSON Corp. / Epson America Inc. Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Slackware Linux Inc. Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

SMC Networks Inc. Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

SmoothWall Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Snort Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

SonicWall Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Sonos Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Sony Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Sourcefire Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Symantec Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Systech Unknown

Notified: 2020-09-28 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

systemd Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

TCPWave Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

TDS Telecom Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Tenable Network Security Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Thales Group Unknown

Notified: 2020-09-29 Updated: 2021-01-19

Statement Date: September 30, 2020

CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

TippingPoint Technologies Inc. Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Tizen Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Toshiba Commerce Solutions Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

TP-LINK Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Turbolinux Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Ubee Interactive Unknown

Notified: 2021-01-19 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Ubiquiti Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Ubuntu Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Unisys Corporation Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Univention Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Untangle Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Vertical Networks Inc. Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

VMware Carbon Black Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Vultures List Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

WizNET Technology Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

wolfSSL Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Xiaomi Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Xilinx Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Zebra Technologies Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

ZTE Corporation Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

Zyxel Unknown

Notified: 2020-09-29 Updated: 2021-01-19 CVE-2020-25681 Unknown
CVE-2020-25682 Unknown CVE-2020-25683

Vendor Statement

We have not received a statement from the vendor.

View all 253 vendors __View less vendors __

References

Other Information

CVE IDs: CVE-2020-25681 CVE-2020-25682 CVE-2020-25683 CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2020-25687
API URL: VINCE JSON
Date Public: 2021-01-19 Date First Published:

Related

oraclelinux 4
nessus 58
openvas 33
fedora 2
altlinux 1
debian 3
redhat 12
gentoo 1
openwrt 1
archlinux 1
mageia 1
freebsd 1
suse 2
malwarebytes 1
threatpost 1
osv 11
slackware 1
cisco 1
almalinux 1
photon 6
ics 1
ubuntu 2
f5 2
rosalinux 1
ubuntucve 6
debiancve 6
redhatcve 7
alpinelinux 6
thn 1
githubexploit 1
ibm 1
prion 6
amazon 1
arista 1
cve 6
centos 1
cbl_mariner 4
checkpoint_advisories 1
veracode 3
oraclelinux
oraclelinux
dnsmasq security update
2021-01-20 00:00:00
dnsmasq security update
2021-01-19 00:00:00
dnsmasq security update
2023-11-06 00:00:00
nessus
nessus
EulerOS 2.0 SP8 : dnsmasq (EulerOS-SA-2021-1138)
2021-02-01 00:00:00
Fedora 33 : dnsmasq (2021-84440e87ba)
2021-01-21 00:00:00
openSUSE Security Update : dnsmasq (openSUSE-2021-129)
2021-01-25 00:00:00
openvas
openvas
OpenWRT < 19.07.6 Multiple dnsmasq Vulnerabilities
2022-08-23 00:00:00
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2021-1374)
2021-02-22 00:00:00
Huawei EulerOS: Security Advisory for dnsmasq (EulerOS-SA-2021-1733)
2021-04-13 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: dnsmasq-2.83-1.fc33
2021-01-21 01:47:44
[SECURITY] Fedora 32 Update: dnsmasq-2.84-1.fc32
2021-02-20 01:34:26
altlinux
altlinux
Security fix for the ALT Linux 10 package dnsmasq version 2.83-alt1
2021-01-22 00:00:00
debian
debian
[SECURITY] [DSA 4844-1] dnsmasq security update
2021-02-04 07:37:12
[SECURITY] [DSA 4844-1] dnsmasq security update
2021-02-04 07:37:12
[SECURITY] [DLA 2604-1] dnsmasq security update
2021-03-22 18:43:44
redhat
redhat
(RHSA-2021:0151) Important: dnsmasq security update
2021-01-19 12:36:50
(RHSA-2021:0152) Important: dnsmasq security update
2021-01-19 12:36:51
(RHSA-2021:0150) Important: dnsmasq security update
2021-01-19 12:37:10
gentoo
gentoo
Dnsmasq: Multiple vulnerabilities
2021-01-22 00:00:00
openwrt
openwrt
Security Advisory 2021-01-19-1 - dnsmasq multiple vulnerabilities (CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25684, CVE-2020-25685, CVE-2020-25686, CVE-2020-25687)
2021-01-19 12:00:54
archlinux
archlinux
[ASA-202101-38] dnsmasq: multiple issues
2021-01-20 00:00:00
mageia
mageia
Updated dnsmasq packages fix security vulnerability
2021-01-29 22:05:33
freebsd
freebsd
dnsmasq -- DNS cache poisoning, and DNSSEC buffer overflow, vulnerabilities
2020-09-16 00:00:00
suse
suse
Security update for dnsmasq (important)
2021-01-20 00:00:00
Security update for dnsmasq (important)
2021-01-20 00:00:00
malwarebytes
malwarebytes
DNSpooq bugs haunt dnsmasq
2021-01-21 15:56:12
threatpost
threatpost
DNSpooq Flaws Allow DNS Hijacking of Millions of Devices
2021-01-19 21:25:10
osv
osv
dnsmasq - security update
2021-02-02 00:00:00
dnsmasq regression
2021-02-24 13:43:44
dnsmasq vulnerabilities
2021-01-19 12:48:33
slackware
slackware
[slackware-security] dnsmasq
2021-02-09 20:59:31
cisco
cisco
Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021
2021-01-19 12:15:00
almalinux
almalinux
Important: dnsmasq security update
2021-01-19 12:37:10
photon
photon
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-2.0-0312
2021-01-22 00:00:00
Important Photon OS Security Update - PHSA-2021-0312
2021-01-22 00:00:00
Home Download Photon OS User Documentation FAQ Security Advisories Related Information Lightwave - PHSA-2021-1.0-0356
2021-01-22 00:00:00
ics
ics
dnsmasq by Simon Kelley (Update A)
2021-03-09 12:00:00
ubuntu
ubuntu
Dnsmasq regression
2021-02-24 00:00:00
Dnsmasq vulnerabilities
2021-01-19 00:00:00
f5
f5
K02931614 : Multiple dnsmasq vulnerabilities
2021-03-30 00:00:00
K98221124 : Multiple dnsmasq vulnerabilities CVE-2020-25684, CVE-2020-25685, and CVE-2020-25686
2021-03-30 00:00:00
rosalinux
rosalinux
Advisory ROSA-SA-2021-1823
2021-07-02 16:38:26
ubuntucve
ubuntucve
CVE-2020-25684
2021-01-19 00:00:00
CVE-2020-25686
2021-01-19 00:00:00
CVE-2020-25685
2021-01-19 00:00:00
debiancve
debiancve
CVE-2020-25684
2021-01-20 16:15:00
CVE-2020-25685
2021-01-20 16:15:00
CVE-2020-25686
2021-01-20 17:15:00
redhatcve
redhatcve
CVE-2020-25684
2021-01-19 14:57:23
CVE-2020-25685
2021-01-19 12:18:11
CVE-2020-25686
2021-01-19 12:18:42
alpinelinux
alpinelinux
CVE-2020-25684
2021-01-20 16:15:00
CVE-2020-25685
2021-01-20 16:15:00
CVE-2020-25686
2021-01-20 17:15:00
thn
thn
A Set of Severe Flaws Affect Popular DNSMasq DNS Forwarder
2021-01-19 12:01:00
githubexploit
githubexploit
Exploit for CVE-2020-25684
2021-01-23 19:07:18
ibm
ibm
Security Bulletin: IBM Security Privileged Identity Manager is affected by security vulnerabilities (CVE-2020-25684, CVE-2020-25685, CVE-2020-25686)
2021-08-04 17:40:31
prion
prion
Design/Logic Flaw
2021-01-20 16:15:00
Design/Logic Flaw
2021-01-20 16:15:00
Design/Logic Flaw
2021-01-20 17:15:00
amazon
amazon
Medium: dnsmasq
2021-01-25 23:09:00
arista
arista
Security Advisory 0061
2021-01-19 00:00:00
cve
cve
CVE-2020-25684
2021-01-20 16:15:00
CVE-2020-25686
2021-01-20 17:15:00
CVE-2020-25685
2021-01-20 16:15:00
centos
centos
dnsmasq security update
2021-01-25 14:08:58
cbl_mariner
cbl_mariner
CVE-2020-25687 affecting package dnsmasq 2.79-11
2021-05-06 23:56:42
CVE-2020-25683 affecting package dnsmasq 2.79-11
2021-05-06 23:56:42
CVE-2020-25681 affecting package dnsmasq 2.79-11
2021-05-06 23:56:42
checkpoint_advisories
checkpoint_advisories
DNSmasq Out-of-Bounds Write (CVE-2020-25682)
2022-09-20 00:00:00
veracode
veracode
Arbitrary Code Execution
2021-01-20 16:41:19
Denial Of Service (DoS)
2021-01-20 16:41:17
Buffer Overflow
2021-01-20 16:41:21

8.1 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

7.7 High

AI Score

Confidence

High

8.3 High

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

COMPLETE

AV:N/AC:M/Au:N/C:P/I:P/A:C

0.159 Low

EPSS

Percentile

95.9%

JSON
Related for VU:434904
oraclelinux4nessus58openvas33fedora2altlinux1debian3redhat12gentoo1openwrt1archlinux1mageia1freebsd1suse2malwarebytes1threatpost1osv11slackware1cisco1almalinux1photon6ics1ubuntu2f52rosalinux1ubuntucve6debiancve6redhatcve7alpinelinux6thn1githubexploit1ibm1prion6amazon1arista1cve6centos1cbl_mariner4checkpoint_advisories1veracode3