Lucene search

K
ubuntucve
Ubuntu.comUB:CVE-2020-25686
HistoryJan 19, 2021 - 12:00 a.m.

CVE-2020-25686

2021-01-1900:00:00
ubuntu.com
ubuntu.com
7

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.3%

A flaw was found in dnsmasq before version 2.83. When receiving a query,
dnsmasq does not check for an existing pending request for the same name
and forwards a new request. By default, a maximum of 150 pending queries
can be sent to upstream servers, so there can be at most 150 queries for
the same name. This flaw allows an off-path attacker on the network to
substantially reduce the number of attempts that it would have to perform
to forge a reply and have it accepted by dnsmasq. This issue is mentioned
in the “Birthday Attacks” section of RFC5452. If chained with
CVE-2020-25684, the attack complexity of a successful attack is reduced.
The highest threat from this vulnerability is to data integrity.

Rows per page:
1-10 of 111
Use Vulners API to create your own security tool

API usage cases
  • Network scanning
  • Linux Patch management
  • Threat protection
  • No network audit solution

Ways of integration

Integrate Vulners API

3.7 Low

CVSS3

Attack Vector

NETWORK

Attack Complexity

HIGH

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:M/Au:N/C:N/I:P/A:N

0.004 Low

EPSS

Percentile

72.3%

Related for UB:CVE-2020-25686