{"vulnerability": "CVE-2020-25686", "sightings": [{"uuid": "6ada4ada-42f3-4732-a5a0-0446d7e8a7d2", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-25686", "type": "seen", "source": "https://t.me/VulnerabilityNews/19766", "content": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.\nPublished at: January 20, 2021 at 05:15PM\nView on website", "creation_timestamp": "2021-01-20T18:46:29.000000Z"}, {"uuid": "2620d5ba-c728-4b93-98f7-3cd2cbbb44a0", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2020-25686", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/dnspooq-haavoittuvuusjoukko-laajalti-kaytossa-olevassa-dnsmasq-ohjelmistossa", "content": "", "creation_timestamp": "2026-03-17T14:51:13.241654Z"}, {"uuid": "f2f1338f-281c-4efc-a74e-a71a35df2837", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "4f29edb9-4c4b-44ca-b041-9b050656b6ae", "vulnerability": "CVE-2020-25686", "type": "seen", "source": "https://www.kyberturvallisuuskeskus.fi/fi/dnspooq-haavoittuvuusjoukko-laajalti-kaytossa-olevassa-dnsmasq-ohjelmistossa", "content": "", "creation_timestamp": "2021-01-20T11:02:54.000000Z"}, {"uuid": "e25a852e-8dce-45d7-9cc2-39b837f44dc4", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-25686", "type": "seen", "source": "https://t.me/cibsecurity/22430", "content": "\u203c CVE-2020-25686 \u203c\n\nA flaw was found in dnsmasq before version 2.83. When receiving a query, dnsmasq does not check for an existing pending request for the same name and forwards a new request. By default, a maximum of 150 pending queries can be sent to upstream servers, so there can be at most 150 queries for the same name. This flaw allows an off-path attacker on the network to substantially reduce the number of attempts that it would have to perform to forge a reply and have it accepted by dnsmasq. This issue is mentioned in the \"Birthday Attacks\" section of RFC5452. If chained with CVE-2020-25684, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity.\n\n\ud83d\udcd6 Read\n\nvia \"National Vulnerability Database\".", "creation_timestamp": "2021-01-20T20:27:21.000000Z"}, {"uuid": "e6073fa3-74a5-4713-9404-25f61bcdddfd", "vulnerability_lookup_origin": "1a89b78e-f703-45f3-bb86-59eb712668bd", "author": "2a075640-a300-48a4-bb44-bc6130783b9b", "vulnerability": "CVE-2020-25686", "type": "seen", "source": "https://t.me/CyberSecurityTechnologies/2534", "content": "#Whitepaper\n#Threat_Research\n\"DNSpooq: Cache Poisoning and RCE in Popular DNS Forwarder dnsmasq\", 2021.\n// CVE-2020-25684, CVE-2020-25685, \nCVE-2020-25686 - DNS-spoofing; CVE-2020-25681, CVE-2020-25682, CVE-2020-25683, CVE-2020-25687 - RCE.", "creation_timestamp": "2021-01-21T02:28:28.000000Z"}]}