Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in
🔥 Daily Hot!
💪🏽 CPE Enhanced Advisories
🕶 Shadow Exploits
🕵🏼 Vulners CPE
🔐 Security news
💻 Exploit updates
📑 Blogs review
🐧 Linux vulnerabilities
🐞 Bugbounty
🤖 AI High Score
📰 CVE Feed
show all

233 matches found

Prion
Prionadded 2021/01/20 5:15 p.m.49 views

Design/Logic Flaw

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

4.3CVSS3.9AI score0.00549EPSS
Exploits2References7Affected Software4
Cvelist
Cvelistadded 2021/01/20 4:47 p.m.26 views

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

6.2AI score0.00549EPSS
Exploits2References7
CVE
CVEadded 2021/01/20 4:47 p.m.820 views

CVE-2020-25686

CVE-2020-25686 affects dnsmasq prior to version 2.83. The flaw: when receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new one, allowing up to 150 outstanding queries and enabling an off-path attacker to substantially reduce the work needed...

4.3CVSS5.9AI score0.00549EPSS
Exploits2References8Affected Software1
Debian CVE
Debian CVEadded 2021/01/20 4:47 p.m.45 views

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

4.3CVSS4.5AI score0.00549EPSS
Exploits2
AlpineLinux
AlpineLinuxadded 2021/01/20 4:47 p.m.41 views

CVE-2020-25686

A flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the...

4.3CVSS6.4AI score0.00549EPSS
Exploits2
NVD
NVDadded 2021/01/20 4:15 p.m.17 views

CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...

4.3CVSS5.8AI score0.00423EPSS
Exploits2References8
OSV
OSVadded 2021/01/20 4:15 p.m.133 views

CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...

3.7CVSS0.6AI score
Exploits0References8
OSV
OSVadded 2021/01/20 4:15 p.m.1 views

ALPINE-CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...

3.7CVSS6.3AI score0.00423EPSS
Exploits2References1
Prion
Prionadded 2021/01/20 4:15 p.m.61 views

Design/Logic Flaw

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...

4.3CVSS3.9AI score0.00423EPSS
Exploits2References7Affected Software4
Cvelist
Cvelistadded 2021/01/20 12:0 a.m.32 views

CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...

6.2AI score0.00423EPSS
Exploits2References7
CVE
CVEadded 2021/01/20 12:0 a.m.752 views

CVE-2020-25685

CVE-2020-25685 affects dnsmasq up to version 2.83. The issue arises from how forward.c:reply_query() matches replies to forwarded queries: it uses a weak hash of the query name, allowing an off-path attacker to forge replies by exploiting hash collisions. This vulnerability enables DNS cache pois...

4.3CVSS6AI score0.00423EPSS
Exploits2References8Affected Software1
Debian CVE
Debian CVEadded 2021/01/20 12:0 a.m.55 views

CVE-2020-25685

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSE...

4.3CVSS4.6AI score0.00423EPSS
Exploits2
RedHat Linux
RedHat Linuxadded 2021/01/19 6:2 p.m.110 views

Moderate: Red Hat Security Advisory: dnsmasq security update

An update for dnsmasq is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from th...

4.3CVSS6.9AI score0.00549EPSS
Exploits2References5
RedHat Linux
RedHat Linuxadded 2021/01/19 6:2 p.m.2 views

dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...

4.3CVSS7.2AI score0.00423EPSS
Exploits2References6
RedHat Linux
RedHat Linuxadded 2021/01/19 5:41 p.m.0 views

dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially...

4.3CVSS7.2AI score0.00549EPSS
Exploits2References6
RedHat Linux
RedHat Linuxadded 2021/01/19 5:41 p.m.0 views

dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...

4.3CVSS7.2AI score0.00423EPSS
Exploits2References6
RedHat Linux
RedHat Linuxadded 2021/01/19 3:6 p.m.0 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

4.3CVSS7.2AI score0.00549EPSS
Exploits2References6
RedHat Linux
RedHat Linuxadded 2021/01/19 2:11 p.m.0 views

dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:replyquery if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially...

4.3CVSS7.2AI score0.00549EPSS
Exploits2References6
RedHat Linux
RedHat Linuxadded 2021/01/19 2:11 p.m.1 views

dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When getting a reply from a forwarded query, dnsmasq checks in forward.c:replyquery, which is the forwarded query that matches the reply, by only using a weak hash of the query name. Due to the weak hash CRC32 when dnsmasq is compiled without DNSSEC, SHA-1 when it is...

4.3CVSS7.2AI score0.00423EPSS
Exploits2References6
RedHat Linux
RedHat Linuxadded 2021/01/19 2:11 p.m.1 views

dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker

A flaw was found in dnsmasq. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw...

4.3CVSS7.2AI score0.00549EPSS
Exploits2References6
Rows per page
Query Builder