vulnerability

Huawei EulerOS: CVE-2020-14312: dnsmasq security update

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
4	(AV:N/AC:M/Au:N/C:N/I:N/A:P)	Feb 6, 2021	Nov 3, 2022	Apr 1, 2026

Severity

CVSS

(AV:N/AC:M/Au:N/C:N/I:N/A:P)

Published

Feb 6, 2021

Added

Nov 3, 2022

Modified

Apr 1, 2026

Description

A flaw was found in the default configuration of dnsmasq, as shipped with Fedora versions prior to 31 and in all versions Red Hat Enterprise Linux, where it listens on any interface and accepts queries from addresses outside of its local subnet. In particular, the option `local-service` is not enabled. Running dnsmasq in this manner may inadvertently make it an open resolver accessible from any address on the internet. This flaw allows an attacker to conduct a Distributed Denial of Service (DDoS) against other systems.

Solution

huawei-euleros-2_0_sp10-upgrade-dnsmasq

References

CVE-2020-14312
https://attackerkb.com/topics/CVE-2020-14312
CWE-284
EULEROS-EulerOS-SA-2022-2678
EUVD-EUVD-2020-6464
https://euvd.enisa.europa.eu/vulnerability/EUVD-2020-6464

Rapid7 Labs

2026 Global Threat Landscape Report

The predictive window has collapsed. Exploitation follows disclosure in days. See how attackers are accelerating and how to stay ahead.

Get report