Severity: Unknown
Affected Package: rtsold
Summary: rtsold RDNSS/DNSSL option handling buffer overflow
Two bugs existed in rtsold(8)'s handling of RDNSS and DNSSL router advertisement options. rtsold(8) failed to perform sufficient bounds checking, not verifying that an option did not extend past the end of the received packet (CVE-2020-25577). In addition, when decoding DNSSL domain name labels, rtsold(8) did not validate label lengths correctly and could overflow the destination buffer (CVE-2020-25583). Because rtsold(8) runs as root, an attacker on the same physical link could potentially achieve remote code execution.
No specific recommendations provided.
Aliases: CVE-2020-25577, CVE-2020-25583
Published: December 01, 2020
Last Modified: December 01, 2020