Memory Handling Vulnerability in adns by Ian Jackson
CVE-2017-9103

9.8CRITICAL

Key Information:

Vendor

Gnu
Status
Adns
Vendor
CVE Published:
18 June 2020

What is CVE-2017-9103?

A vulnerability has been detected in adns prior to version 1.5.2, where improper validation of the stack value in the pap_mailbox822 component can lead to various issues. Exploitation of this flaw could result in program crashes, unintentional memory leaks, excessive memory allocation, and potential buffer overruns. This issue primarily affects applications performing non-raw queries for SOA or RP DNS records.

References

http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=ad...
x_refsource_MISC
http://lists.opensuse.org/opensuse-security-announce/2020...
vendor-advisoryx_refsource_SUSE
https://www.chiark.greenend.org.uk/pipermail/adns-announc...
x_refsource_CONFIRM

CVSS V3.1

Score:
9.8
Severity:
CRITICAL
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.