VAR-202101-0220

Vulnerability from variot - Updated: 2026-03-09 21:24

A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query's attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language.

For the stable distribution (buster), these problems have been fixed in version 2.80-1+deb10u1.

For the detailed security status of dnsmasq please refer to its security tracker page at: https://security-tracker.debian.org/tracker/dnsmasq

Further information about Debian Security Advisories, how to apply these updates to your system and frequently asked questions can be found at: https://www.debian.org/security/

Mailing list: debian-security-announce@lists.debian.org -----BEGIN PGP SIGNATURE-----

iQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmAZVA4ACgkQEL6Jg/PV nWQYKAgAgVwonRAgXSliaFh0n44OPOz9wf4KibG7otcnAx4V4XqFAeXsHd/hIX/K IC313F3I+8WzvjKBhvt2KnGG9SnoTnq4roBIa1nz//vNX0hyfDm5xPlxQOExzC+c YS8kGt++SvC2wgOsrZEjyk0ecKqDJmZSwW31zXG9/2kTzCbKjuDp+i4TTADqabPC AgbmEGVKBR2Fk7K9Prct27oWoj7LHMaH+Ttb8uQGnG7OgJs9KyRI+2qIu+VaRCGf yfRj+XayPYHV1Amf5dLIKcLMMp/FnkNFoO2YIAZkWVPjXD2uPKUykJJ1GRl8R+0q qtNhPTNNuD6WnYzC8yP0KIQ2tsbg9Q== =j5Ka -----END PGP SIGNATURE----- . -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256

====================================================================
Red Hat Security Advisory

Synopsis: Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4] Advisory ID: RHSA-2021:0401-01 Product: Red Hat Virtualization Advisory URL: https://access.redhat.com/errata/RHSA-2021:0401 Issue date: 2021-02-03 CVE Names: CVE-2020-25684 CVE-2020-25685 CVE-2020-25686 CVE-2021-3156 ==================================================================== 1. Summary:

An update for imgbased, redhat-release-virtualization-host, and redhat-virtualization-host is now available for Red Hat Virtualization 4 for Red Hat Enterprise Linux 8.

Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.

Relevant releases/architectures:

RHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64 Red Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64 Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch

Description:

The redhat-virtualization-host packages provide the Red Hat Virtualization Host. These packages include redhat-release-virtualization-host, ovirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are installed using a special build of Red Hat Enterprise Linux with only the packages required to host virtual machines. RHVH features a Cockpit user interface for monitoring the host's resources and performing administrative tasks.

Security Fix(es):

sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)
dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25684)
dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker (CVE-2020-25685)
dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker (CVE-2020-25686)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section.

Bug Fix(es):

Previously, the Red Hat Virtualization Host (RHV-H) repository (rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package, which is a dependency for the sssd-ad package. Consequently, the sssd-ad package failed to install.

With this update, the libsmbclient is now in the RHV-H repository, and sssd-ad now installs on RHV-H. (BZ#1868967)

Solution:

For details on how to apply this update, which includes the changes described in this advisory, refer to:

https://access.redhat.com/articles/2974891

After installing this update, the smb service will be restarted automatically.

Bugs fixed (https://bugzilla.redhat.com/):

1850939 - Hosted engine deployment does not properly show iSCSI LUN errors 1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel 1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker 1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker 1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker 1902315 - Rebase RHV-H 4.4 to RHV 4.4.4 1902646 - ssh connection fails due to overly permissive openssh.config file permissions 1909644 - HE deploy failed with "Failed to download metadata for repo 'rhel-8-for-x86_64-baseos-beta-rpms': Cannot download repomd.xml 1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing 1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError 1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed.

Package List:

Red Hat Virtualization 4 Management Agent for RHEL 7 Hosts:

Source: cockpit-ovirt-0.14.17-1.el8ev.src.rpm

noarch: cockpit-ovirt-dashboard-0.14.17-1.el8ev.noarch.rpm

Red Hat Virtualization 4 Hypervisor for RHEL 8:

Source: redhat-virtualization-host-4.4.4-20210201.0.el8_3.src.rpm samba-4.12.3-12.el8.3.src.rpm sssd-2.3.0-9.el8.src.rpm

noarch: python3-sssdconfig-2.3.0-9.el8.noarch.rpm redhat-virtualization-host-image-update-4.4.4-20210201.0.el8_3.noarch.rpm

x86_64: libipa_hbac-2.3.0-9.el8.x86_64.rpm libipa_hbac-debuginfo-2.3.0-9.el8.x86_64.rpm libsmbclient-4.12.3-12.el8.3.x86_64.rpm libsmbclient-debuginfo-4.12.3-12.el8.3.x86_64.rpm libsss_autofs-2.3.0-9.el8.x86_64.rpm libsss_autofs-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_certmap-2.3.0-9.el8.x86_64.rpm libsss_certmap-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_idmap-2.3.0-9.el8.x86_64.rpm libsss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_nss_idmap-2.3.0-9.el8.x86_64.rpm libsss_nss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_nss_idmap-devel-2.3.0-9.el8.x86_64.rpm libsss_simpleifp-2.3.0-9.el8.x86_64.rpm libsss_simpleifp-debuginfo-2.3.0-9.el8.x86_64.rpm libsss_sudo-2.3.0-9.el8.x86_64.rpm libsss_sudo-debuginfo-2.3.0-9.el8.x86_64.rpm python3-libipa_hbac-2.3.0-9.el8.x86_64.rpm python3-libipa_hbac-debuginfo-2.3.0-9.el8.x86_64.rpm python3-libsss_nss_idmap-2.3.0-9.el8.x86_64.rpm python3-libsss_nss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm python3-sss-2.3.0-9.el8.x86_64.rpm python3-sss-debuginfo-2.3.0-9.el8.x86_64.rpm python3-sss-murmur-2.3.0-9.el8.x86_64.rpm python3-sss-murmur-debuginfo-2.3.0-9.el8.x86_64.rpm samba-debuginfo-4.12.3-12.el8.3.x86_64.rpm samba-debugsource-4.12.3-12.el8.3.x86_64.rpm sssd-2.3.0-9.el8.x86_64.rpm sssd-ad-2.3.0-9.el8.x86_64.rpm sssd-ad-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-client-2.3.0-9.el8.x86_64.rpm sssd-client-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-common-2.3.0-9.el8.x86_64.rpm sssd-common-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-common-pac-2.3.0-9.el8.x86_64.rpm sssd-common-pac-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-dbus-2.3.0-9.el8.x86_64.rpm sssd-dbus-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-debugsource-2.3.0-9.el8.x86_64.rpm sssd-ipa-2.3.0-9.el8.x86_64.rpm sssd-ipa-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-kcm-2.3.0-9.el8.x86_64.rpm sssd-kcm-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-krb5-2.3.0-9.el8.x86_64.rpm sssd-krb5-common-2.3.0-9.el8.x86_64.rpm sssd-krb5-common-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-krb5-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-ldap-2.3.0-9.el8.x86_64.rpm sssd-ldap-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-libwbclient-2.3.0-9.el8.x86_64.rpm sssd-libwbclient-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-nfs-idmap-2.3.0-9.el8.x86_64.rpm sssd-nfs-idmap-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-polkit-rules-2.3.0-9.el8.x86_64.rpm sssd-proxy-2.3.0-9.el8.x86_64.rpm sssd-proxy-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-tools-2.3.0-9.el8.x86_64.rpm sssd-tools-debuginfo-2.3.0-9.el8.x86_64.rpm sssd-winbind-idmap-2.3.0-9.el8.x86_64.rpm sssd-winbind-idmap-debuginfo-2.3.0-9.el8.x86_64.rpm

RHEL 8-based RHEV-H for RHEV 4 (build requirements):

Source: imgbased-1.2.16-0.1.el8ev.src.rpm redhat-release-virtualization-host-4.4.4-1.el8ev.src.rpm

noarch: imgbased-1.2.16-0.1.el8ev.noarch.rpm python3-imgbased-1.2.16-0.1.el8ev.noarch.rpm redhat-virtualization-host-image-update-placeholder-4.4.4-1.el8ev.noarch.rpm

x86_64: redhat-release-virtualization-host-4.4.4-1.el8ev.x86_64.rpm

These packages are GPG signed by Red Hat for security. Our key and details on how to verify the signature are available from https://access.redhat.com/security/team/key/

References:

https://access.redhat.com/security/cve/CVE-2020-25684 https://access.redhat.com/security/cve/CVE-2020-25685 https://access.redhat.com/security/cve/CVE-2020-25686 https://access.redhat.com/security/cve/CVE-2021-3156 https://access.redhat.com/security/updates/classification/#important https://access.redhat.com/security/vulnerabilities/RHSB-2021-001 https://access.redhat.com/security/vulnerabilities/RHSB-2021-002

Contact:

The Red Hat security contact is secalert@redhat.com. More contact details at https://access.redhat.com/security/team/contact/

iQIVAwUBYBrMFtzjgjWX9erEAQhLyg//QeuuLd9ARm9ImsGVCZQZmnSnwoeLU5q4 nYjZRw5CLGOuw23qJv17Dj658650+v90lD4JWKUPlSbCnubhmct+WvlbDUG9XX0X gjrtn4cEmFRz3dMEbMr1kWLtGuzRIR63l6yM+H/5Ucw5Q0AqzddYgGi6kcY2ec4I yC2ebejLzBcmRSlObitcgUc2kuLICYFQHCgW0P4dvukE3+B9Ga1l81G3rTtM5H/4 UkpUxoQLXxSMLAyx/3IB0rElvsGCZVqLKSCgUZysgBi+RN1DtyFzF4+Eplc2LGKq yMVI5hPioccorQk1X0102gi0H8yJhVeakn9KEVr4iX+ZrMYhNcMOSAr+mZlKZqjx TwHxyyyUKCekfMWM83dyLRQb18hh32FZCftAsRmKNTIJQ+g5u2nT8dKkaFkWU0NI +LgtMMtLeulg/40fObOuqdXQVp3lLVPLvhyUityGP4PPRrkXCaG3dJDGNIFJ96eU clx9EOpdtDDThmi3IHnN92vnYxcI+j14PY6822ho0LlGCIL9ORyiYVpFbK+yMR6+ UpMPXE0HPrfipVTkR2kDQilcwJTELiJYTqB1tsm/4C3ODt336zPDdcdRvpxGYX8j aNN1pf5K3tT5nN3ry0J7EvzB8cjT0tQTJWri/L4GywZlRRg58q7bqZbRDrzBwzNi md9bPrmC2GU=Sqsc -----END PGP SIGNATURE-----

-- RHSA-announce mailing list RHSA-announce@redhat.com https://www.redhat.com/mailman/listinfo/rhsa-announce . 7.2) - x86_64

This advisory contains the following OpenShift Virtualization 2.6.0 images:

RHEL-8-CNV-2.6 =============kubevirt-cpu-node-labeller-container-v2.6.0-5 kubevirt-cpu-model-nfd-plugin-container-v2.6.0-5 node-maintenance-operator-container-v2.6.0-13 kubevirt-vmware-container-v2.6.0-5 virtio-win-container-v2.6.0-5 kubevirt-kvm-info-nfd-plugin-container-v2.6.0-5 bridge-marker-container-v2.6.0-9 kubevirt-template-validator-container-v2.6.0-9 kubevirt-v2v-conversion-container-v2.6.0-6 kubemacpool-container-v2.6.0-13 kubevirt-ssp-operator-container-v2.6.0-40 hyperconverged-cluster-webhook-container-v2.6.0-73 hyperconverged-cluster-operator-container-v2.6.0-73 ovs-cni-plugin-container-v2.6.0-10 cnv-containernetworking-plugins-container-v2.6.0-10 ovs-cni-marker-container-v2.6.0-10 cluster-network-addons-operator-container-v2.6.0-16 hostpath-provisioner-container-v2.6.0-11 hostpath-provisioner-operator-container-v2.6.0-14 vm-import-virtv2v-container-v2.6.0-21 kubernetes-nmstate-handler-container-v2.6.0-19 vm-import-controller-container-v2.6.0-21 vm-import-operator-container-v2.6.0-21 virt-api-container-v2.6.0-111 virt-controller-container-v2.6.0-111 virt-handler-container-v2.6.0-111 virt-operator-container-v2.6.0-111 virt-launcher-container-v2.6.0-111 cnv-must-gather-container-v2.6.0-54 virt-cdi-importer-container-v2.6.0-24 virt-cdi-cloner-container-v2.6.0-24 virt-cdi-controller-container-v2.6.0-24 virt-cdi-uploadserver-container-v2.6.0-24 virt-cdi-apiserver-container-v2.6.0-24 virt-cdi-uploadproxy-container-v2.6.0-24 virt-cdi-operator-container-v2.6.0-24 hco-bundle-registry-container-v2.6.0-582

Security Fix(es):

golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic (CVE-2020-9283)
golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference (CVE-2020-29652)
gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation (CVE-2021-3121)
golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash (CVE-2020-14040)
golang: data race in certain net/http servers including ReverseProxy can lead to DoS (CVE-2020-15586)
golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs (CVE-2020-16845)
jwt-go: access restriction bypass vulnerability (CVE-2020-26160)
golang-github-gorilla-websocket: integer overflow leads to denial of service (CVE-2020-27813)
golang: math/big: panic during recursive division of very large numbers (CVE-2020-28362)
containernetworking-cni: Arbitrary path injection via type field in CNI configuration (CVE-2021-20206)

For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and other related information, refer to the CVE page(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):

1732329 - Virtual Machine is missing documentation of its properties in yaml editor 1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv 1791753 - [RFE] [SSP] Template validator should check validations in template's parent template 1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic 1848954 - KMP missing CA extensions in cabundle of mutatingwebhookconfiguration 1848956 - KMP requires downtime for CA stabilization during certificate rotation 1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash 1853911 - VM with dot in network name fails to start with unclear message 1854098 - NodeNetworkState on workers doesn't have "status" key due to nmstate-handler pod failure to run "nmstatectl show" 1856347 - SR-IOV : Missing network name for sriov during vm setup 1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS 1859235 - Common Templates - after upgrade there are 2 common templates per each os-workload-flavor combination 1860714 - No API information from oc explain 1860992 - CNV upgrade - users are not removed from privileged SecurityContextConstraints 1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem 1866593 - CDI is not handling vm disk clone 1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs 1868817 - Container-native Virtualization 2.6.0 Images 1873771 - Improve the VMCreationFailed error message caused by VM low memory 1874812 - SR-IOV: Guest Agent expose link-local ipv6 address for sometime and then remove it 1878499 - DV import doesn't recover from scratch space PVC deletion 1879108 - Inconsistent naming of "oc virt" command in help text 1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running 1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT 1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability 1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message 1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used 1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, before the NodeNetworkConfigurationPolicy is applied 1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. 1891285 - Common templates and kubevirt-config cm - update machine-type 1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error 1892227 - [SSP] cluster scoped resources are not being reconciled 1893278 - openshift-virtualization-os-images namespace not seen by user 1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza 1894428 - Message for VMI not migratable is not clear enough 1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium 1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import 1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs 1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers 1898072 - Add Fedora33 to Fedora common templates 1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail 1899558 - CNV 2.6 - nmstate fails to set state 1901480 - VM disk io can't worked if namespace have label kubemacpool 1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig) 1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service 1903014 - hco-webhook pod in CreateContainerError 1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode 1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT "default" 1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers 1907151 - kubevirt version is not reported correctly via virtctl 1907352 - VM/VMI link changes to kubevirt.io~v1~VirtualMachineInstance on CNV 2.6 1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused "Internal error occurred" for creating datavolume 1907988 - VM loses dynamic IP address of its default interface after migration 1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity 1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error 1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference 1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import to Ceph RBD/BLOCK fails on "qemu-img: /data/disk.img" error 1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO 1911118 - Windows VMI LiveMigration / shutdown fails on 'XML error: non unique alias detected: ua-') 1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface 1911662 - el6 guests don't work properly if virtio bus is specified on various devices 1912908 - Allow using "scsi" bus for disks in template validation 1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails 1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user 1913717 - Users should have read permitions for golden images data volumes 1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes 1914177 - CNV does not preallocate blank file data volumes 1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes 1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer 1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block 1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored 1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration 1920576 - HCO can report ready=true when it failed to create a CR for a component operator 1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator 1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation 1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool 1927373 - NoExecute taint violates pdb; VMIs are not live migrated 1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4->CNV-2.6.0 upgrade

Bug Fix(es):

When performing an upgrade of the Red Hat Virtualization Host using the command yum update, the yum repository for RHV 4.3 EUS is unreachable

As a workaround, run the following command: # yum update --releasever=7Server (BZ#1899378)

8.1) - aarch64, ppc64le, s390x, x86_64
Gentoo Linux Security Advisory GLSA 202101-17

                                       https://security.gentoo.org/

Severity: Normal Title: Dnsmasq: Multiple vulnerabilities Date: January 22, 2021 Bugs: #766126 ID: 202101-17

Synopsis

Multiple vulnerabilities have been found in Dnsmasq, the worst of which may allow remote attackers to execute arbitrary code.

Affected packages

-------------------------------------------------------------------
 Package              /     Vulnerable     /            Unaffected
-------------------------------------------------------------------

1 net-dns/dnsmasq < 2.83 >= 2.83

Description

Multiple vulnerabilities have been discovered in Dnsmasq.

Impact

An attacker, by sending specially crafted DNS replies, could possibly execute arbitrary code with the privileges of the process, perform a cache poisoning attack or cause a Denial of Service condition.

Workaround

There is no known workaround at this time.

Resolution

All Dnsmasq users should upgrade to the latest version:

# emerge --sync # emerge --ask --oneshot --verbose ">=net-dns/dnsmasq-2.83"

References

[ 1 ] CVE-2020-25681 https://nvd.nist.gov/vuln/detail/CVE-2020-25681 [ 2 ] CVE-2020-25682 https://nvd.nist.gov/vuln/detail/CVE-2020-25682 [ 3 ] CVE-2020-25683 https://nvd.nist.gov/vuln/detail/CVE-2020-25683 [ 4 ] CVE-2020-25684 https://nvd.nist.gov/vuln/detail/CVE-2020-25684 [ 5 ] CVE-2020-25685 https://nvd.nist.gov/vuln/detail/CVE-2020-25685 [ 6 ] CVE-2020-25686 https://nvd.nist.gov/vuln/detail/CVE-2020-25686 [ 7 ] CVE-2020-25687 https://nvd.nist.gov/vuln/detail/CVE-2020-25687

Availability

This GLSA and any updates to it are available for viewing at the Gentoo Security Website:

https://security.gentoo.org/glsa/202101-17

Concerns?

Security is a primary focus of Gentoo Linux and ensuring the confidentiality and security of our users' machines is of utmost importance to us. Any security concerns should be addressed to security@gentoo.org or alternatively, you may file a bug at https://bugs.gentoo.org.

License

The contents of this document are licensed under the Creative Commons - Attribution / Share Alike license.

https://creativecommons.org/licenses/by-sa/2.5

Show details on source website

JSON

To clipboard

{
  "affected_products": {
    "_id": null,
    "data": [
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "32"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.25.2f"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.23"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.23.7m"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "10.0"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.24"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.25"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.21"
      },
      {
        "_id": null,
        "model": "linux",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "debian",
        "version": "9.0"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.22.9m"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.21.14m"
      },
      {
        "_id": null,
        "model": "fedora",
        "scope": "eq",
        "trust": 1.0,
        "vendor": "fedoraproject",
        "version": "33"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.24.5m"
      },
      {
        "_id": null,
        "model": "eos",
        "scope": "gte",
        "trust": 1.0,
        "vendor": "arista",
        "version": "4.22"
      },
      {
        "_id": null,
        "model": "dnsmasq",
        "scope": "lt",
        "trust": 1.0,
        "vendor": "thekelleys",
        "version": "2.83"
      },
      {
        "_id": null,
        "model": "dnsmasq",
        "scope": "eq",
        "trust": 0.6,
        "vendor": "dnsmasq",
        "version": "2.83"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25684"
      }
    ]
  },
  "credits": {
    "_id": null,
    "data": "Ubuntu",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1611"
      }
    ],
    "trust": 0.6
  },
  "cve": "CVE-2020-25684",
  "cvss": {
    "_id": null,
    "data": [
      {
        "cvssV2": [
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CVE-2020-25684",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 1.1,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          },
          {
            "accessComplexity": "MEDIUM",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "author": "CNVD",
            "availabilityImpact": "NONE",
            "baseScore": 4.3,
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 8.6,
            "id": "CNVD-2021-16431",
            "impactScore": 2.9,
            "integrityImpact": "PARTIAL",
            "severity": "MEDIUM",
            "trust": 0.6,
            "vectorString": "AV:N/AC:M/Au:N/C:N/I:P/A:N",
            "version": "2.0"
          }
        ],
        "cvssV3": [
          {
            "attackComplexity": "HIGH",
            "attackVector": "NETWORK",
            "author": "nvd@nist.gov",
            "availabilityImpact": "NONE",
            "baseScore": 3.7,
            "baseSeverity": "LOW",
            "confidentialityImpact": "NONE",
            "exploitabilityScore": 2.2,
            "id": "CVE-2020-25684",
            "impactScore": 1.4,
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "trust": 1.0,
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:L/A:N",
            "version": "3.1"
          }
        ],
        "severity": [
          {
            "author": "nvd@nist.gov",
            "id": "CVE-2020-25684",
            "trust": 1.0,
            "value": "LOW"
          },
          {
            "author": "CNVD",
            "id": "CNVD-2021-16431",
            "trust": 0.6,
            "value": "MEDIUM"
          },
          {
            "author": "CNNVD",
            "id": "CNNVD-202101-1611",
            "trust": 0.6,
            "value": "LOW"
          },
          {
            "author": "VULMON",
            "id": "CVE-2020-25684",
            "trust": 0.1,
            "value": "MEDIUM"
          }
        ]
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1611"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25684"
      }
    ]
  },
  "description": {
    "_id": null,
    "data": "A flaw was found in dnsmasq before version 2.83. When getting a reply from a forwarded query, dnsmasq checks in the forward.c:reply_query() if the reply destination address/port is used by the pending forwarded queries. However, it does not use the address/port to retrieve the exact forwarded query, substantially reducing the number of attempts an attacker on the network would have to perform to forge a reply and get it accepted by dnsmasq. This issue contrasts with RFC5452, which specifies a query\u0027s attributes that all must be used to match a reply. This flaw allows an attacker to perform a DNS Cache Poisoning attack. If chained with CVE-2020-25685 or CVE-2020-25686, the attack complexity of a successful attack is reduced. The highest threat from this vulnerability is to data integrity. Dnsmasq is a lightweight DNS forwarding and DHCP and TFTP server written in C language. \n\nFor the stable distribution (buster), these problems have been fixed in\nversion 2.80-1+deb10u1. \n\nFor the detailed security status of dnsmasq please refer to\nits security tracker page at:\nhttps://security-tracker.debian.org/tracker/dnsmasq\n\nFurther information about Debian Security Advisories, how to apply\nthese updates to your system and frequently asked questions can be\nfound at: https://www.debian.org/security/\n\nMailing list: debian-security-announce@lists.debian.org\n-----BEGIN PGP SIGNATURE-----\n\niQEzBAEBCgAdFiEEAqSkbVtrXP4xJMh3EL6Jg/PVnWQFAmAZVA4ACgkQEL6Jg/PV\nnWQYKAgAgVwonRAgXSliaFh0n44OPOz9wf4KibG7otcnAx4V4XqFAeXsHd/hIX/K\nIC313F3I+8WzvjKBhvt2KnGG9SnoTnq4roBIa1nz//vNX0hyfDm5xPlxQOExzC+c\nYS8kGt++SvC2wgOsrZEjyk0ecKqDJmZSwW31zXG9/2kTzCbKjuDp+i4TTADqabPC\nAgbmEGVKBR2Fk7K9Prct27oWoj7LHMaH+Ttb8uQGnG7OgJs9KyRI+2qIu+VaRCGf\nyfRj+XayPYHV1Amf5dLIKcLMMp/FnkNFoO2YIAZkWVPjXD2uPKUykJJ1GRl8R+0q\nqtNhPTNNuD6WnYzC8yP0KIQ2tsbg9Q==\n=j5Ka\n-----END PGP SIGNATURE-----\n. -----BEGIN PGP SIGNED MESSAGE-----\nHash: SHA256\n\n====================================================================                   \nRed Hat Security Advisory\n\nSynopsis:          Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]\nAdvisory ID:       RHSA-2021:0401-01\nProduct:           Red Hat Virtualization\nAdvisory URL:      https://access.redhat.com/errata/RHSA-2021:0401\nIssue date:        2021-02-03\nCVE Names:         CVE-2020-25684 CVE-2020-25685 CVE-2020-25686\n                   CVE-2021-3156\n====================================================================\n1. Summary:\n\nAn update for imgbased, redhat-release-virtualization-host, and\nredhat-virtualization-host is now available for Red Hat Virtualization 4\nfor Red Hat Enterprise Linux 8. \n\nRed Hat Product Security has rated this update as having a security impact\nof Important. A Common Vulnerability Scoring System (CVSS) base score,\nwhich gives a detailed severity rating, is available for each vulnerability\nfrom the CVE link(s) in the References section. \n\n2. Relevant releases/architectures:\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements) - noarch, x86_64\nRed Hat Virtualization 4 Hypervisor for RHEL 8 - noarch, x86_64\nRed Hat Virtualization 4 Management Agent for RHEL 7 Hosts - noarch\n\n3. Description:\n\nThe redhat-virtualization-host packages provide the Red Hat Virtualization\nHost. These packages include redhat-release-virtualization-host,\novirt-node, and rhev-hypervisor. Red Hat Virtualization Hosts (RHVH) are\ninstalled using a special build of Red Hat Enterprise Linux with only the\npackages required to host virtual machines. RHVH features a Cockpit user\ninterface for monitoring the host\u0027s resources and performing administrative\ntasks. \n\nSecurity Fix(es):\n\n* sudo: Heap buffer overflow in argument parsing (CVE-2021-3156)\n\n* dnsmasq: loose address/port check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25684)\n\n* dnsmasq: loose query name check in reply_query() makes forging replies\neasier for an off-path attacker (CVE-2020-25685)\n\n* dnsmasq: multiple queries forwarded for the same name makes forging\nreplies easier for an off-path attacker (CVE-2020-25686)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. \n\nBug Fix(es):\n\n* Previously, the Red Hat Virtualization Host (RHV-H) repository\n(rhvh-4-for-rhel-8-x86_64-rpms) did not include the libsmbclient package,\nwhich is a dependency for the sssd-ad package. Consequently, the sssd-ad\npackage failed to install. \n\nWith this update, the libsmbclient is now in the RHV-H repository, and\nsssd-ad now installs on RHV-H. (BZ#1868967)\n\n4. Solution:\n\nFor details on how to apply this update, which includes the changes\ndescribed in this advisory, refer to:\n\nhttps://access.redhat.com/articles/2974891\n\nAfter installing this update, the smb service will be restarted\nautomatically. \n\n5. Bugs fixed (https://bugzilla.redhat.com/):\n\n1850939 - Hosted engine deployment does not properly show iSCSI LUN errors\n1868967 - sssd-ad installation fails on RHV-H 4.4 due to missing libsmbclient from samba package in rhvh-4-for-rhel-8-x86_64-rpms channel\n1889686 - CVE-2020-25684 dnsmasq: loose address/port check in reply_query() makes forging replies easier for an off-path attacker\n1889688 - CVE-2020-25685 dnsmasq: loose query name check in reply_query() makes forging replies easier for an off-path attacker\n1890125 - CVE-2020-25686 dnsmasq: multiple queries forwarded for the same name makes forging replies easier for an off-path attacker\n1902315 - Rebase RHV-H 4.4 to RHV 4.4.4\n1902646 - ssh connection fails due to overly permissive openssh.config file permissions\n1909644 - HE deploy failed with \"Failed to download metadata for repo \u0027rhel-8-for-x86_64-baseos-beta-rpms\u0027: Cannot download repomd.xml\n1917684 - CVE-2021-3156 sudo: Heap buffer overflow in argument parsing\n1921553 - RHVH upgrade to the latest 4.4.4-1 build will fail due to FileNotFoundError\n1923126 - Hosted Engine setup fails on storage selection - Retrieval of iSCSI targets failed. \n\n6. Package List:\n\nRed Hat Virtualization 4 Management Agent for RHEL 7 Hosts:\n\nSource:\ncockpit-ovirt-0.14.17-1.el8ev.src.rpm\n\nnoarch:\ncockpit-ovirt-dashboard-0.14.17-1.el8ev.noarch.rpm\n\nRed Hat Virtualization 4 Hypervisor for RHEL 8:\n\nSource:\nredhat-virtualization-host-4.4.4-20210201.0.el8_3.src.rpm\nsamba-4.12.3-12.el8.3.src.rpm\nsssd-2.3.0-9.el8.src.rpm\n\nnoarch:\npython3-sssdconfig-2.3.0-9.el8.noarch.rpm\nredhat-virtualization-host-image-update-4.4.4-20210201.0.el8_3.noarch.rpm\n\nx86_64:\nlibipa_hbac-2.3.0-9.el8.x86_64.rpm\nlibipa_hbac-debuginfo-2.3.0-9.el8.x86_64.rpm\nlibsmbclient-4.12.3-12.el8.3.x86_64.rpm\nlibsmbclient-debuginfo-4.12.3-12.el8.3.x86_64.rpm\nlibsss_autofs-2.3.0-9.el8.x86_64.rpm\nlibsss_autofs-debuginfo-2.3.0-9.el8.x86_64.rpm\nlibsss_certmap-2.3.0-9.el8.x86_64.rpm\nlibsss_certmap-debuginfo-2.3.0-9.el8.x86_64.rpm\nlibsss_idmap-2.3.0-9.el8.x86_64.rpm\nlibsss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm\nlibsss_nss_idmap-2.3.0-9.el8.x86_64.rpm\nlibsss_nss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm\nlibsss_nss_idmap-devel-2.3.0-9.el8.x86_64.rpm\nlibsss_simpleifp-2.3.0-9.el8.x86_64.rpm\nlibsss_simpleifp-debuginfo-2.3.0-9.el8.x86_64.rpm\nlibsss_sudo-2.3.0-9.el8.x86_64.rpm\nlibsss_sudo-debuginfo-2.3.0-9.el8.x86_64.rpm\npython3-libipa_hbac-2.3.0-9.el8.x86_64.rpm\npython3-libipa_hbac-debuginfo-2.3.0-9.el8.x86_64.rpm\npython3-libsss_nss_idmap-2.3.0-9.el8.x86_64.rpm\npython3-libsss_nss_idmap-debuginfo-2.3.0-9.el8.x86_64.rpm\npython3-sss-2.3.0-9.el8.x86_64.rpm\npython3-sss-debuginfo-2.3.0-9.el8.x86_64.rpm\npython3-sss-murmur-2.3.0-9.el8.x86_64.rpm\npython3-sss-murmur-debuginfo-2.3.0-9.el8.x86_64.rpm\nsamba-debuginfo-4.12.3-12.el8.3.x86_64.rpm\nsamba-debugsource-4.12.3-12.el8.3.x86_64.rpm\nsssd-2.3.0-9.el8.x86_64.rpm\nsssd-ad-2.3.0-9.el8.x86_64.rpm\nsssd-ad-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-client-2.3.0-9.el8.x86_64.rpm\nsssd-client-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-common-2.3.0-9.el8.x86_64.rpm\nsssd-common-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-common-pac-2.3.0-9.el8.x86_64.rpm\nsssd-common-pac-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-dbus-2.3.0-9.el8.x86_64.rpm\nsssd-dbus-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-debugsource-2.3.0-9.el8.x86_64.rpm\nsssd-ipa-2.3.0-9.el8.x86_64.rpm\nsssd-ipa-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-kcm-2.3.0-9.el8.x86_64.rpm\nsssd-kcm-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-krb5-2.3.0-9.el8.x86_64.rpm\nsssd-krb5-common-2.3.0-9.el8.x86_64.rpm\nsssd-krb5-common-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-krb5-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-ldap-2.3.0-9.el8.x86_64.rpm\nsssd-ldap-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-libwbclient-2.3.0-9.el8.x86_64.rpm\nsssd-libwbclient-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-nfs-idmap-2.3.0-9.el8.x86_64.rpm\nsssd-nfs-idmap-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-polkit-rules-2.3.0-9.el8.x86_64.rpm\nsssd-proxy-2.3.0-9.el8.x86_64.rpm\nsssd-proxy-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-tools-2.3.0-9.el8.x86_64.rpm\nsssd-tools-debuginfo-2.3.0-9.el8.x86_64.rpm\nsssd-winbind-idmap-2.3.0-9.el8.x86_64.rpm\nsssd-winbind-idmap-debuginfo-2.3.0-9.el8.x86_64.rpm\n\nRHEL 8-based RHEV-H for RHEV 4 (build requirements):\n\nSource:\nimgbased-1.2.16-0.1.el8ev.src.rpm\nredhat-release-virtualization-host-4.4.4-1.el8ev.src.rpm\n\nnoarch:\nimgbased-1.2.16-0.1.el8ev.noarch.rpm\npython3-imgbased-1.2.16-0.1.el8ev.noarch.rpm\nredhat-virtualization-host-image-update-placeholder-4.4.4-1.el8ev.noarch.rpm\n\nx86_64:\nredhat-release-virtualization-host-4.4.4-1.el8ev.x86_64.rpm\n\nThese packages are GPG signed by Red Hat for security.  Our key and\ndetails on how to verify the signature are available from\nhttps://access.redhat.com/security/team/key/\n\n7. References:\n\nhttps://access.redhat.com/security/cve/CVE-2020-25684\nhttps://access.redhat.com/security/cve/CVE-2020-25685\nhttps://access.redhat.com/security/cve/CVE-2020-25686\nhttps://access.redhat.com/security/cve/CVE-2021-3156\nhttps://access.redhat.com/security/updates/classification/#important\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-001\nhttps://access.redhat.com/security/vulnerabilities/RHSB-2021-002\n\n8. Contact:\n\nThe Red Hat security contact is \u003csecalert@redhat.com\u003e. More contact\ndetails at https://access.redhat.com/security/team/contact/\n\nCopyright 2021 Red Hat, Inc. \n-----BEGIN PGP SIGNATURE-----\nVersion: GnuPG v1\n\niQIVAwUBYBrMFtzjgjWX9erEAQhLyg//QeuuLd9ARm9ImsGVCZQZmnSnwoeLU5q4\nnYjZRw5CLGOuw23qJv17Dj658650+v90lD4JWKUPlSbCnubhmct+WvlbDUG9XX0X\ngjrtn4cEmFRz3dMEbMr1kWLtGuzRIR63l6yM+H/5Ucw5Q0AqzddYgGi6kcY2ec4I\nyC2ebejLzBcmRSlObitcgUc2kuLICYFQHCgW0P4dvukE3+B9Ga1l81G3rTtM5H/4\nUkpUxoQLXxSMLAyx/3IB0rElvsGCZVqLKSCgUZysgBi+RN1DtyFzF4+Eplc2LGKq\nyMVI5hPioccorQk1X0102gi0H8yJhVeakn9KEVr4iX+ZrMYhNcMOSAr+mZlKZqjx\nTwHxyyyUKCekfMWM83dyLRQb18hh32FZCftAsRmKNTIJQ+g5u2nT8dKkaFkWU0NI\n+LgtMMtLeulg/40fObOuqdXQVp3lLVPLvhyUityGP4PPRrkXCaG3dJDGNIFJ96eU\nclx9EOpdtDDThmi3IHnN92vnYxcI+j14PY6822ho0LlGCIL9ORyiYVpFbK+yMR6+\nUpMPXE0HPrfipVTkR2kDQilcwJTELiJYTqB1tsm/4C3ODt336zPDdcdRvpxGYX8j\naNN1pf5K3tT5nN3ry0J7EvzB8cjT0tQTJWri/L4GywZlRRg58q7bqZbRDrzBwzNi\nmd9bPrmC2GU=Sqsc\n-----END PGP SIGNATURE-----\n\n--\nRHSA-announce mailing list\nRHSA-announce@redhat.com\nhttps://www.redhat.com/mailman/listinfo/rhsa-announce\n. 7.2) - x86_64\n\n3. \n\nThis advisory contains the following OpenShift Virtualization 2.6.0 images:\n\nRHEL-8-CNV-2.6\n=============kubevirt-cpu-node-labeller-container-v2.6.0-5\nkubevirt-cpu-model-nfd-plugin-container-v2.6.0-5\nnode-maintenance-operator-container-v2.6.0-13\nkubevirt-vmware-container-v2.6.0-5\nvirtio-win-container-v2.6.0-5\nkubevirt-kvm-info-nfd-plugin-container-v2.6.0-5\nbridge-marker-container-v2.6.0-9\nkubevirt-template-validator-container-v2.6.0-9\nkubevirt-v2v-conversion-container-v2.6.0-6\nkubemacpool-container-v2.6.0-13\nkubevirt-ssp-operator-container-v2.6.0-40\nhyperconverged-cluster-webhook-container-v2.6.0-73\nhyperconverged-cluster-operator-container-v2.6.0-73\novs-cni-plugin-container-v2.6.0-10\ncnv-containernetworking-plugins-container-v2.6.0-10\novs-cni-marker-container-v2.6.0-10\ncluster-network-addons-operator-container-v2.6.0-16\nhostpath-provisioner-container-v2.6.0-11\nhostpath-provisioner-operator-container-v2.6.0-14\nvm-import-virtv2v-container-v2.6.0-21\nkubernetes-nmstate-handler-container-v2.6.0-19\nvm-import-controller-container-v2.6.0-21\nvm-import-operator-container-v2.6.0-21\nvirt-api-container-v2.6.0-111\nvirt-controller-container-v2.6.0-111\nvirt-handler-container-v2.6.0-111\nvirt-operator-container-v2.6.0-111\nvirt-launcher-container-v2.6.0-111\ncnv-must-gather-container-v2.6.0-54\nvirt-cdi-importer-container-v2.6.0-24\nvirt-cdi-cloner-container-v2.6.0-24\nvirt-cdi-controller-container-v2.6.0-24\nvirt-cdi-uploadserver-container-v2.6.0-24\nvirt-cdi-apiserver-container-v2.6.0-24\nvirt-cdi-uploadproxy-container-v2.6.0-24\nvirt-cdi-operator-container-v2.6.0-24\nhco-bundle-registry-container-v2.6.0-582\n\nSecurity Fix(es):\n\n* golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows\nfor panic (CVE-2020-9283)\n\n* golang: crypto/ssh: crafted authentication request can lead to nil\npointer dereference (CVE-2020-29652)\n\n* gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index\nvalidation (CVE-2021-3121)\n\n* golang.org/x/text: possibility to trigger an infinite loop in\nencoding/unicode could lead to crash (CVE-2020-14040)\n\n* golang: data race in certain net/http servers including ReverseProxy can\nlead to DoS (CVE-2020-15586)\n\n* golang: ReadUvarint and ReadVarint can read an unlimited number of bytes\nfrom invalid inputs (CVE-2020-16845)\n\n* jwt-go: access restriction bypass vulnerability (CVE-2020-26160)\n\n* golang-github-gorilla-websocket: integer overflow leads to denial of\nservice (CVE-2020-27813)\n\n* golang: math/big: panic during recursive division of very large numbers\n(CVE-2020-28362)\n\n* containernetworking-cni: Arbitrary path injection via type field in CNI\nconfiguration (CVE-2021-20206)\n\nFor more details about the security issue(s), including the impact, a CVSS\nscore, acknowledgments, and other related information, refer to the CVE\npage(s) listed in the References section. Bugs fixed (https://bugzilla.redhat.com/):\n\n1732329 - Virtual Machine is missing documentation of its properties in yaml editor\n1783192 - Guest kernel panic when start RHEL6.10 guest with q35 machine type and virtio disk in cnv\n1791753 - [RFE] [SSP] Template validator should check validations in template\u0027s parent template\n1804533 - CVE-2020-9283 golang.org/x/crypto: Processing of crafted ssh-ed25519 public keys allows for panic\n1848954 - KMP missing CA extensions  in cabundle of mutatingwebhookconfiguration\n1848956 - KMP  requires downtime for CA stabilization during certificate rotation\n1853652 - CVE-2020-14040 golang.org/x/text: possibility to trigger an infinite loop in encoding/unicode could lead to crash\n1853911 - VM with dot in network name fails to start with unclear message\n1854098 - NodeNetworkState on workers doesn\u0027t have \"status\" key due to nmstate-handler pod failure to run \"nmstatectl show\"\n1856347 - SR-IOV : Missing network name for sriov during vm setup\n1856953 - CVE-2020-15586 golang: data race in certain net/http servers including ReverseProxy can lead to DoS\n1859235 - Common Templates - after upgrade there are 2  common templates per each os-workload-flavor combination\n1860714 - No API information from `oc explain`\n1860992 - CNV upgrade - users are not removed from privileged  SecurityContextConstraints\n1864577 - [v2v][RHV to CNV non migratable source VM fails to import to Ceph-rbd / File system due to overhead required for Filesystem\n1866593 - CDI is not handling vm disk clone\n1867099 - CVE-2020-16845 golang: ReadUvarint and ReadVarint can read an unlimited number of bytes from invalid inputs\n1868817 - Container-native Virtualization 2.6.0 Images\n1873771 - Improve the VMCreationFailed error message caused by VM low memory\n1874812 - SR-IOV: Guest Agent  expose link-local ipv6 address  for sometime and then remove it\n1878499 - DV import doesn\u0027t recover from scratch space PVC deletion\n1879108 - Inconsistent naming of \"oc virt\" command in help text\n1881874 - openshift-cnv namespace is getting stuck if the user tries to delete it while CNV is running\n1883232 - Webscale: kubevirt/CNV datavolume importer pod inability to disable sidecar injection if namespace has sidecar injection enabled but VM Template does NOT\n1883371 - CVE-2020-26160 jwt-go: access restriction bypass vulnerability\n1885153 - [v2v][RHV to CNv VM import] Wrong Network mapping do not show a relevant error message\n1885418 - [openshift-cnv] issues with memory overhead calculation when limits are used\n1887398 - [openshift-cnv][CNV] nodes need to exist and be labeled first, *before* the NodeNetworkConfigurationPolicy is applied\n1889295 - [v2v][VMware to CNV VM import API] diskMappings: volumeMode Block is not passed on to PVC request. \n1891285 - Common templates and kubevirt-config cm - update machine-type\n1891440 - [v2v][VMware to CNV VM import API]Source VM with no network interface fail with unclear error\n1892227 - [SSP] cluster scoped resources are not being reconciled\n1893278 - openshift-virtualization-os-images namespace not seen by user\n1893646 - [HCO] Pod placement configuration - dry run is not performed for all the configuration stanza\n1894428 - Message for VMI not migratable is not clear enough\n1894824 - [v2v][VM import] Pick the smallest template for the imported VM, and not always Medium\n1894897 - [v2v][VMIO] VMimport CR is not reported as failed when target VM is deleted during the import\n1895414 - Virt-operator is accepting updates to the placement of its workload components even with running VMs\n1897635 - CVE-2020-28362 golang: math/big: panic during recursive division of very large numbers\n1898072 - Add Fedora33 to Fedora common templates\n1898840 - [v2v] VM import VMWare to CNV Import 63 chars vm name should not fail\n1899558 - CNV 2.6 - nmstate fails to set state\n1901480 - VM disk io can\u0027t worked if namespace have label kubemacpool\n1902046 - Not possible to edit CDIConfig (through CDI CR / CDIConfig)\n1902111 - CVE-2020-27813 golang-github-gorilla-websocket: integer overflow leads to denial of service\n1903014 - hco-webhook pod in CreateContainerError\n1903585 - [v2v] Windows 2012 VM imported from RHV goes into Windows repair mode\n1904797 - [VMIO][vmware] A migrated RHEL/Windows VM starts in emergency mode/safe mode when target storage is NFS and target namespace is NOT \"default\"\n1906199 - [CNV-2.5] CNV Tries to Install on Windows Workers\n1907151 - kubevirt version is not reported correctly via virtctl\n1907352 - VM/VMI link changes to `kubevirt.io~v1~VirtualMachineInstance` on CNV 2.6\n1907691 - [CNV] Configuring NodeNetworkConfigurationPolicy caused \"Internal error occurred\" for creating datavolume\n1907988 - VM loses dynamic IP address of its default interface after migration\n1908363 - Applying NodeNetworkConfigurationPolicy for different NIC than default disables br-ex bridge and nodes lose connectivity\n1908421 - [v2v] [VM import RHV to CNV] Windows imported VM boot failed: INACCESSIBLE BOOT DEVICE error\n1908883 - CVE-2020-29652 golang: crypto/ssh: crafted authentication request can lead to nil pointer dereference\n1909458 - [V2V][VMware to CNV VM import via api using VMIO] VM import  to Ceph RBD/BLOCK fails on \"qemu-img: /data/disk.img\" error\n1910857 - Provide a mechanism to enable the HotplugVolumes feature gate via HCO\n1911118 - Windows VMI LiveMigration / shutdown fails on \u0027XML error: non unique alias detected: ua-\u0027)\n1911396 - Set networkInterfaceMultiqueue false in rhel 6 template for e1000e interface\n1911662 - el6 guests don\u0027t work properly if virtio bus is specified on various devices\n1912908 - Allow using \"scsi\" bus for disks in template validation\n1913248 - Creating vlan interface on top of a bond device via NodeNetworkConfigurationPolicy fails\n1913320 - Informative message needed with virtctl image-upload, that additional step is needed from the user\n1913717 - Users should have read permitions for golden images data volumes\n1913756 - Migrating to Ceph-RBD + Block fails when skipping zeroes\n1914177 - CNV does not preallocate blank file data volumes\n1914608 - Obsolete CPU models (kubevirt-cpu-plugin-configmap) are set on worker nodes\n1914947 - HPP golden images - DV shoudld not be created with WaitForFirstConsumer\n1917908 - [VMIO] vmimport pod fail to create when using ceph-rbd/block\n1917963 - [CNV 2.6] Unable to install CNV disconnected - requires kvm-info-nfd-plugin which is not mirrored\n1919391 - CVE-2021-20206 containernetworking-cni: Arbitrary path injection via type field in CNI configuration\n1920576 - HCO can report ready=true when it failed to create a CR for a component operator\n1920610 - e2e-aws-4.7-cnv consistently failing on Hyperconverged Cluster Operator\n1921650 - CVE-2021-3121 gogo/protobuf: plugin/unmarshal/unmarshal.go lacks certain index validation\n1923979 - kubernetes-nmstate: nmstate-handler pod crashes when configuring bridge device using ip tool\n1927373 - NoExecute taint violates pdb; VMIs are not live migrated\n1931376 - VMs disconnected from nmstate-defined bridge after CNV-2.5.4-\u003eCNV-2.6.0 upgrade\n\n5. \n\nBug Fix(es):\n\n* When performing an upgrade of the Red Hat Virtualization Host using the\ncommand `yum update`, the yum repository for RHV 4.3 EUS is unreachable\n\nAs a workaround, run the following command:\n`# yum update --releasever=7Server` (BZ#1899378)\n\n4. 8.1) - aarch64, ppc64le, s390x, x86_64\n\n3. - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\nGentoo Linux Security Advisory                           GLSA 202101-17\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n                                           https://security.gentoo.org/\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\n Severity: Normal\n    Title: Dnsmasq: Multiple vulnerabilities\n     Date: January 22, 2021\n     Bugs: #766126\n       ID: 202101-17\n\n- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -\n\nSynopsis\n========\n\nMultiple vulnerabilities have been found in Dnsmasq, the worst of which\nmay allow remote attackers to execute arbitrary code. \n\nAffected packages\n=================\n\n    -------------------------------------------------------------------\n     Package              /     Vulnerable     /            Unaffected\n    -------------------------------------------------------------------\n  1  net-dns/dnsmasq               \u003c 2.83                     \u003e= 2.83\n\nDescription\n===========\n\nMultiple vulnerabilities have been discovered in Dnsmasq. \n\nImpact\n======\n\nAn attacker, by sending specially crafted DNS replies, could possibly\nexecute arbitrary code with the privileges of the process, perform a\ncache poisoning attack or cause a Denial of Service condition. \n\nWorkaround\n==========\n\nThere is no known workaround at this time. \n\nResolution\n==========\n\nAll Dnsmasq users should upgrade to the latest version:\n\n  # emerge --sync\n  # emerge --ask --oneshot --verbose \"\u003e=net-dns/dnsmasq-2.83\"\n\nReferences\n==========\n\n[ 1 ] CVE-2020-25681\n      https://nvd.nist.gov/vuln/detail/CVE-2020-25681\n[ 2 ] CVE-2020-25682\n      https://nvd.nist.gov/vuln/detail/CVE-2020-25682\n[ 3 ] CVE-2020-25683\n      https://nvd.nist.gov/vuln/detail/CVE-2020-25683\n[ 4 ] CVE-2020-25684\n      https://nvd.nist.gov/vuln/detail/CVE-2020-25684\n[ 5 ] CVE-2020-25685\n      https://nvd.nist.gov/vuln/detail/CVE-2020-25685\n[ 6 ] CVE-2020-25686\n      https://nvd.nist.gov/vuln/detail/CVE-2020-25686\n[ 7 ] CVE-2020-25687\n      https://nvd.nist.gov/vuln/detail/CVE-2020-25687\n\nAvailability\n============\n\nThis GLSA and any updates to it are available for viewing at\nthe Gentoo Security Website:\n\n https://security.gentoo.org/glsa/202101-17\n\nConcerns?\n=========\n\nSecurity is a primary focus of Gentoo Linux and ensuring the\nconfidentiality and security of our users\u0027 machines is of utmost\nimportance to us. Any security concerns should be addressed to\nsecurity@gentoo.org or alternatively, you may file a bug at\nhttps://bugs.gentoo.org. \n\nLicense\n=======\n\nCopyright 2021 Gentoo Foundation, Inc; referenced text\nbelongs to its owner(s). \n\nThe contents of this document are licensed under the\nCreative Commons - Attribution / Share Alike license. \n\nhttps://creativecommons.org/licenses/by-sa/2.5\n\n",
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25684"
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25684"
      },
      {
        "db": "PACKETSTORM",
        "id": "169002"
      },
      {
        "db": "PACKETSTORM",
        "id": "161281"
      },
      {
        "db": "PACKETSTORM",
        "id": "161100"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "161272"
      },
      {
        "db": "PACKETSTORM",
        "id": "161013"
      },
      {
        "db": "PACKETSTORM",
        "id": "161085"
      }
    ],
    "trust": 2.16
  },
  "external_ids": {
    "_id": null,
    "data": [
      {
        "db": "NVD",
        "id": "CVE-2020-25684",
        "trust": 3.0
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0231",
        "trust": 1.2
      },
      {
        "db": "CERT/CC",
        "id": "VU#434904",
        "trust": 1.0
      },
      {
        "db": "PACKETSTORM",
        "id": "161281",
        "trust": 0.7
      },
      {
        "db": "PACKETSTORM",
        "id": "161085",
        "trust": 0.7
      },
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431",
        "trust": 0.6
      },
      {
        "db": "PACKETSTORM",
        "id": "161535",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0987",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0420",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0692",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0864",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0283",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.1088",
        "trust": 0.6
      },
      {
        "db": "AUSCERT",
        "id": "ESB-2021.0699",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021122911",
        "trust": 0.6
      },
      {
        "db": "CS-HELP",
        "id": "SB2021070106",
        "trust": 0.6
      },
      {
        "db": "ICS CERT",
        "id": "ICSA-21-019-01",
        "trust": 0.6
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1611",
        "trust": 0.6
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25684",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "169002",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161100",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161742",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161272",
        "trust": 0.1
      },
      {
        "db": "PACKETSTORM",
        "id": "161013",
        "trust": 0.1
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25684"
      },
      {
        "db": "PACKETSTORM",
        "id": "169002"
      },
      {
        "db": "PACKETSTORM",
        "id": "161281"
      },
      {
        "db": "PACKETSTORM",
        "id": "161100"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "161272"
      },
      {
        "db": "PACKETSTORM",
        "id": "161013"
      },
      {
        "db": "PACKETSTORM",
        "id": "161085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1611"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25684"
      }
    ]
  },
  "id": "VAR-202101-0220",
  "iot": {
    "_id": null,
    "data": true,
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431"
      }
    ],
    "trust": 0.85396827
  },
  "iot_taxonomy": {
    "_id": null,
    "data": [
      {
        "category": [
          "Network device"
        ],
        "sub_category": null,
        "trust": 0.6
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431"
      }
    ]
  },
  "last_update_date": "2026-03-09T21:24:18.514000Z",
  "patch": {
    "_id": null,
    "data": [
      {
        "title": "Patch for Dnsmasq security feature issue vulnerability",
        "trust": 0.6,
        "url": "https://www.cnvd.org.cn/patchInfo/show/251931"
      },
      {
        "title": "Dnsmasq Fixing measures for security feature vulnerabilities",
        "trust": 0.6,
        "url": "http://www.cnnvd.org.cn/web/xxk/bdxqById.tag?id=139960"
      },
      {
        "title": "Red Hat: Moderate: dnsmasq security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210156 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: dnsmasq security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210240 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: dnsmasq security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210245 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: dnsmasq security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210153 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: dnsmasq security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210154 - Security Advisory"
      },
      {
        "title": "Red Hat: Moderate: dnsmasq security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210155 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: Red Hat Virtualization Host security bug fix and enhancement update [ovirt-4.4.4]",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210401 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: RHV-H security, bug fix, enhancement update (redhat-virtualization-host) 4.3.13",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210395 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: dnsmasq security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210151 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: dnsmasq security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210150 - Security Advisory"
      },
      {
        "title": "Red Hat: Important: dnsmasq security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210152 - Security Advisory"
      },
      {
        "title": "Arch Linux Issues: ",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=arch_linux_issues\u0026qid=CVE-2020-25684 log"
      },
      {
        "title": "Amazon Linux 2: ALAS2-2021-1587",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=amazon_linux2\u0026qid=ALAS2-2021-1587"
      },
      {
        "title": "Debian Security Advisories: DSA-4844-1 dnsmasq -- security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=debian_security_advisories\u0026qid=6bdd82a7af8c0333eca753b3b7b02111"
      },
      {
        "title": "Red Hat: Important: OpenShift Container Platform 4.4.33 bug fix and security update",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=red_hat_security_advisories\u0026qid=RHSA-20210281 - Security Advisory"
      },
      {
        "title": "Cisco: Multiple Vulnerabilities in dnsmasq DNS Forwarder Affecting Cisco Products: January 2021",
        "trust": 0.1,
        "url": "https://vulmon.com/vendoradvisory?qidtp=cisco_security_advisories_and_alerts_ciscoproducts\u0026qid=cisco-sa-dnsmasq-dns-2021-c5mrdf3g"
      },
      {
        "title": "dnspooq",
        "trust": 0.1,
        "url": "https://github.com/knqyf263/dnspooq "
      },
      {
        "title": "multironic\nRequirements:\nInstall libvirt and prepare nodes\nhave to check why we need this\nTODO download ironic images later\nPull images\nTag images\nPush images\nrun httpd\nCheck that two vbmcs are running for the two nodes\nPlay with vbmc and ipmitools\nRun management cluster\nFirewall\nLaunch ironic\nrun capm3\nFirewall\nRef",
        "trust": 0.1,
        "url": "https://github.com/mboukhalfa/multironic "
      },
      {
        "title": "Criminal IP NSE Script",
        "trust": 0.1,
        "url": "https://github.com/criminalip/CIP-NSE-Script "
      },
      {
        "title": "Intro: What\u0027s pique or repique\n\n\nOverview",
        "trust": 0.1,
        "url": "https://github.com/AZ-X/pique "
      },
      {
        "title": "https://github.com/klcheung99/CSCM28CW2",
        "trust": 0.1,
        "url": "https://github.com/klcheung99/CSCM28CW2 "
      },
      {
        "title": "Kaosagnt\u0027s Ansible Everyday Utils",
        "trust": 0.1,
        "url": "https://github.com/kaosagnt/ansible-everyday "
      },
      {
        "title": "F5\u306e\u8106\u5f31\u6027\u60c5\u5831",
        "trust": 0.1,
        "url": "https://github.com/DNTYO/F5_Vulnerability "
      },
      {
        "title": "Vulnerability",
        "trust": 0.1,
        "url": "https://github.com/tzwlhack/Vulnerability "
      },
      {
        "title": "TOP\nTable of Contents\nDonation",
        "trust": 0.1,
        "url": "https://github.com/JERRY123S/all-poc "
      },
      {
        "title": "SecBooks\nSecBooks\u76ee\u5f55",
        "trust": 0.1,
        "url": "https://github.com/SexyBeast233/SecBooks "
      },
      {
        "title": "Table of Contents",
        "trust": 0.1,
        "url": "https://github.com/CVEDB/top "
      },
      {
        "title": "Table of Contents",
        "trust": 0.1,
        "url": "https://github.com/CVEDB/awesome-cve-repo "
      },
      {
        "title": "TOP\nTable of Contents\nDonation",
        "trust": 0.1,
        "url": "https://github.com/hktalent/TOP "
      },
      {
        "title": "TOP\nTable of Contents\nDonation",
        "trust": 0.1,
        "url": "https://github.com/cyberanand1337x/bug-bounty-2022 "
      },
      {
        "title": "TOP\nTable of Contents\nDonation",
        "trust": 0.1,
        "url": "https://github.com/weeka10/-hktalent-TOP "
      },
      {
        "title": "PoC in GitHub",
        "trust": 0.1,
        "url": "https://github.com/developer3000S/PoC-in-GitHub "
      },
      {
        "title": "The Register",
        "trust": 0.1,
        "url": "https://www.theregister.co.uk/2021/01/20/dns_cache_poisoning/"
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25684"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1611"
      }
    ]
  },
  "problemtype_data": {
    "_id": null,
    "data": [
      {
        "problemtype": "CWE-358",
        "trust": 1.0
      },
      {
        "problemtype": "NVD-CWE-Other",
        "trust": 1.0
      }
    ],
    "sources": [
      {
        "db": "NVD",
        "id": "CVE-2020-25684"
      }
    ]
  },
  "references": {
    "_id": null,
    "data": [
      {
        "trust": 1.8,
        "url": "https://security.gentoo.org/glsa/202101-17"
      },
      {
        "trust": 1.7,
        "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1889686"
      },
      {
        "trust": 1.7,
        "url": "https://www.jsof-tech.com/disclosures/dnspooq/"
      },
      {
        "trust": 1.7,
        "url": "https://www.debian.org/security/2021/dsa-4844"
      },
      {
        "trust": 1.7,
        "url": "https://lists.debian.org/debian-lts-announce/2021/03/msg00027.html"
      },
      {
        "trust": 1.7,
        "url": "https://www.arista.com/en/support/advisories-notices/security-advisories/12135-security-advisory-61"
      },
      {
        "trust": 1.2,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0231/"
      },
      {
        "trust": 1.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25684"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/wyw3ir6apuskoykl5ft3actihwhgqy32/"
      },
      {
        "trust": 1.1,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/qgb7hl3owhtlepsmldgomxqkg3km2qme/"
      },
      {
        "trust": 1.0,
        "url": "https://www.kb.cert.org/vuls/id/434904"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25686"
      },
      {
        "trust": 0.6,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25685"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/qgb7hl3owhtlepsmldgomxqkg3km2qme/"
      },
      {
        "trust": 0.6,
        "url": "https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/wyw3ir6apuskoykl5ft3actihwhgqy32/"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161281/red-hat-security-advisory-2021-0401-01.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161535/ubuntu-security-notice-usn-4698-2.html"
      },
      {
        "trust": 0.6,
        "url": "https://packetstormsecurity.com/files/161085/gentoo-linux-security-advisory-202101-17.html"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0699"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0864"
      },
      {
        "trust": 0.6,
        "url": "https://www.huawei.com/cn/psirt/security-notices/huawei-sn-20210120-01-dnspooq-cn"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0987"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0283/"
      },
      {
        "trust": 0.6,
        "url": "https://us-cert.cisa.gov/ics/advisories/icsa-21-019-01"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0692"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.1088"
      },
      {
        "trust": 0.6,
        "url": "https://www.auscert.org.au/bulletins/esb-2021.0420"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021070106"
      },
      {
        "trust": 0.6,
        "url": "https://tools.cisco.com/security/center/content/ciscosecurityadvisory/cisco-sa-dnsmasq-dns-2021-c5mrdf3g"
      },
      {
        "trust": 0.6,
        "url": "https://www.ibm.com/blogs/psirt/security-bulletin-ibm-security-privileged-identity-manager-is-affected-by-security-vulnerabilities-cve-2020-25684-cve-2020-25685-cve-2020-25686/"
      },
      {
        "trust": 0.6,
        "url": "https://www.cybersecurity-help.cz/vdb/sb2021122911"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-25685"
      },
      {
        "trust": 0.5,
        "url": "https://bugzilla.redhat.com/):"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-25686"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/cve/cve-2020-25684"
      },
      {
        "trust": 0.5,
        "url": "https://access.redhat.com/security/team/contact/"
      },
      {
        "trust": 0.4,
        "url": "https://www.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-001"
      },
      {
        "trust": 0.4,
        "url": "https://access.redhat.com/security/team/key/"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25687"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25683"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25681"
      },
      {
        "trust": 0.3,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2020-25682"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/cve/cve-2021-3156"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/security/updates/classification/#important"
      },
      {
        "trust": 0.3,
        "url": "https://access.redhat.com/articles/11258"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/articles/2974891"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/vulnerabilities/rhsb-2021-002"
      },
      {
        "trust": 0.2,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2021-3156"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/updates/classification/#moderate"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25683"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25682"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25687"
      },
      {
        "trust": 0.2,
        "url": "https://access.redhat.com/security/cve/cve-2020-25681"
      },
      {
        "trust": 0.1,
        "url": "https://cwe.mitre.org/data/definitions/.html"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0156"
      },
      {
        "trust": 0.1,
        "url": "https://github.com/knqyf263/dnspooq"
      },
      {
        "trust": 0.1,
        "url": "https://security.archlinux.org/cve-2020-25684"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/faq"
      },
      {
        "trust": 0.1,
        "url": "https://security-tracker.debian.org/tracker/dnsmasq"
      },
      {
        "trust": 0.1,
        "url": "https://www.debian.org/security/"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0401"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0240"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20907"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8624"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16300"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14466"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9925"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15166"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9802"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-25705"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20218"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-26160"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16230"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8625"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-6829"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12403"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20388"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15165"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14382"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8812"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3899"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-16845"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14467"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8819"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10103"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14469"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3867"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1971"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16229"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8720"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9893"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19221"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8808"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3902"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14882"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8623"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16227"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-18197"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1751"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3900"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-20206"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9805"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14464"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8820"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8769"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8710"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9850"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14463"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-7595"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8811"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16228"
      },
      {
        "trust": 0.1,
        "url": "https://listman.redhat.com/mailman/listinfo/rhsa-announce"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14879"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29652"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14351"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16168"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9803"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9862"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-24659"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14469"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9327"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-10105"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3885"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-17450"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15503"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-16935"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12321"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20916"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14461"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-5018"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19956"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10018"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14422"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14468"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8835"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8764"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14466"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8844"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3865"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14882"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1730"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15586"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3864"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16227"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14464"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16452"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-19906"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16230"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20387"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14391"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-15999"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14468"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14467"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14559"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14462"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-29661"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3862"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14880"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14881"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3901"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16300"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8823"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14462"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-1752"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16229"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-12400"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8622"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-28362"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-15903"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3895"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8492"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-11793"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20454"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8816"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-13627"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-6405"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8771"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16451"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2019-13050"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3897"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-10103"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16228"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9806"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0799"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14463"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8814"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-14889"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-20843"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8743"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2021-3121"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9915"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8815"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13632"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-10029"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-16451"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8783"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-20807"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13630"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-14040"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14879"
      },
      {
        "trust": 0.1,
        "url": "https://nvd.nist.gov/vuln/detail/cve-2018-14470"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14470"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-8619"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-9283"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-27813"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-14465"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-11068"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-13631"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8766"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2018-16452"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8846"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3868"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2020-3894"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/security/cve/cve-2019-8782"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0395"
      },
      {
        "trust": 0.1,
        "url": "https://access.redhat.com/errata/rhsa-2021:0152"
      },
      {
        "trust": 0.1,
        "url": "https://creativecommons.org/licenses/by-sa/2.5"
      },
      {
        "trust": 0.1,
        "url": "https://security.gentoo.org/"
      },
      {
        "trust": 0.1,
        "url": "https://bugs.gentoo.org."
      }
    ],
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431"
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25684"
      },
      {
        "db": "PACKETSTORM",
        "id": "169002"
      },
      {
        "db": "PACKETSTORM",
        "id": "161281"
      },
      {
        "db": "PACKETSTORM",
        "id": "161100"
      },
      {
        "db": "PACKETSTORM",
        "id": "161742"
      },
      {
        "db": "PACKETSTORM",
        "id": "161272"
      },
      {
        "db": "PACKETSTORM",
        "id": "161013"
      },
      {
        "db": "PACKETSTORM",
        "id": "161085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1611"
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25684"
      }
    ]
  },
  "sources": {
    "_id": null,
    "data": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431",
        "ident": null
      },
      {
        "db": "VULMON",
        "id": "CVE-2020-25684",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "169002",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161281",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161100",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161742",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161272",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161013",
        "ident": null
      },
      {
        "db": "PACKETSTORM",
        "id": "161085",
        "ident": null
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1611",
        "ident": null
      },
      {
        "db": "NVD",
        "id": "CVE-2020-25684",
        "ident": null
      }
    ]
  },
  "sources_release_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-03-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-16431",
        "ident": null
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-25684",
        "ident": null
      },
      {
        "date": "2021-02-28T20:12:00",
        "db": "PACKETSTORM",
        "id": "169002",
        "ident": null
      },
      {
        "date": "2021-02-03T16:36:53",
        "db": "PACKETSTORM",
        "id": "161281",
        "ident": null
      },
      {
        "date": "2021-01-25T17:28:49",
        "db": "PACKETSTORM",
        "id": "161100",
        "ident": null
      },
      {
        "date": "2021-03-10T16:02:43",
        "db": "PACKETSTORM",
        "id": "161742",
        "ident": null
      },
      {
        "date": "2021-02-03T16:22:29",
        "db": "PACKETSTORM",
        "id": "161272",
        "ident": null
      },
      {
        "date": "2021-01-19T14:45:21",
        "db": "PACKETSTORM",
        "id": "161013",
        "ident": null
      },
      {
        "date": "2021-01-25T14:38:26",
        "db": "PACKETSTORM",
        "id": "161085",
        "ident": null
      },
      {
        "date": "2021-01-20T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1611",
        "ident": null
      },
      {
        "date": "2021-01-20T16:15:14.163000",
        "db": "NVD",
        "id": "CVE-2020-25684",
        "ident": null
      }
    ]
  },
  "sources_update_date": {
    "_id": null,
    "data": [
      {
        "date": "2021-03-11T00:00:00",
        "db": "CNVD",
        "id": "CNVD-2021-16431",
        "ident": null
      },
      {
        "date": "2023-11-07T00:00:00",
        "db": "VULMON",
        "id": "CVE-2020-25684",
        "ident": null
      },
      {
        "date": "2022-03-10T00:00:00",
        "db": "CNNVD",
        "id": "CNNVD-202101-1611",
        "ident": null
      },
      {
        "date": "2025-11-04T20:15:57.223000",
        "db": "NVD",
        "id": "CVE-2020-25684",
        "ident": null
      }
    ]
  },
  "threat_type": {
    "_id": null,
    "data": "remote",
    "sources": [
      {
        "db": "PACKETSTORM",
        "id": "161085"
      },
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1611"
      }
    ],
    "trust": 0.7
  },
  "title": {
    "_id": null,
    "data": "Dnsmasq security feature issue vulnerability",
    "sources": [
      {
        "db": "CNVD",
        "id": "CNVD-2021-16431"
      }
    ],
    "trust": 0.6
  },
  "type": {
    "_id": null,
    "data": "other",
    "sources": [
      {
        "db": "CNNVD",
        "id": "CNNVD-202101-1611"
      }
    ],
    "trust": 0.6
  }
}

CVE-2020-25684 (GCVE-0-2020-25684)

Vulnerability from cvelistv5 – Published: 2021-01-20 15:22 – Updated: 2025-11-04 19:12

Summary

Severity ?

No CVSS data available.

CWE

CWE-358

Assigner

redhat

References

URL

	Vendor	Product	Version
	n/a	dnsmasq	Affected: dnsmasq 2.83

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

VAR-202101-0220

Synopsis

Affected packages

Description

Impact

Workaround

Resolution

References

Availability

Concerns?

License

CVE-2020-25684 (GCVE-0-2020-25684)

Tags

Sightings

Nomenclature