PublicDateAtUSN: 2021-01-19
Candidate: CVE-2020-25686
CRD: 2021-01-19
PublicDate: 2021-01-20 17:15:00 UTC
References: 
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-25686
 https://www.jsof-tech.com/disclosures/dnspooq/
 http://lists.thekelleys.org.uk/pipermail/dnsmasq-discuss/2021q1/014599.html
 https://ubuntu.com/security/notices/USN-4698-1
Description:
 A flaw was found in dnsmasq before version 2.83. When receiving a query,
 dnsmasq does not check for an existing pending request for the same name
 and forwards a new request. By default, a maximum of 150 pending queries
 can be sent to upstream servers, so there can be at most 150 queries for
 the same name. This flaw allows an off-path attacker on the network to
 substantially reduce the number of attempts that it would have to perform
 to forge a reply and have it accepted by dnsmasq. This issue is mentioned
 in the "Birthday Attacks" section of RFC5452. If chained with
 CVE-2020-25684, the attack complexity of a successful attack is reduced.
 The highest threat from this vulnerability is to data integrity.
Ubuntu-Description: 
Notes: 
Mitigation: 
Bugs: 
Priority: medium
Discovered-by: Moshe Kol and Shlomi Oberman
Assigned-to: mdeslaur
CVSS:
 nvd: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N [3.7 LOW]


Patches_dnsmasq:
upstream_dnsmasq: released (2.83)
precise/esm_dnsmasq: ignored (end of ESM support, was needs-triage)
trusty_dnsmasq: ignored (out of standard support)
trusty/esm_dnsmasq: needs-triage
xenial_dnsmasq: released (2.75-1ubuntu0.16.04.7)
esm-infra/xenial_dnsmasq: released (2.75-1ubuntu0.16.04.7)
bionic_dnsmasq: released (2.79-1ubuntu0.2)
focal_dnsmasq: released (2.80-1.1ubuntu1.2)
groovy_dnsmasq: released (2.82-1ubuntu1.1)
hirsute_dnsmasq: released (2.82-1ubuntu2)
impish_dnsmasq: released (2.82-1ubuntu2)
jammy_dnsmasq: released (2.82-1ubuntu2)
devel_dnsmasq: released (2.82-1ubuntu2)