Buffer Overrun Vulnerability in adns by Chiark Greenend
CVE-2017-9107

7.5HIGH

Key Information:

Vendor

Gnu
Status
Adns
Vendor
CVE Published:
18 June 2020

What is CVE-2017-9107?

A vulnerability in adns before version 1.5.2 allows for a buffer overrun when a domain ends with a backslash. The flaw occurs in the qdparselabel function, which improperly reads bytes beyond the bounds of the provided buffer if the escape sequence is misinterpreted. This can cause the software to exhaust memory and potentially crash, thereby enabling a denial of service attack. Administrators are urged to apply necessary patches to prevent exploitation of this flaw.

References

http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=ad...
x_refsource_MISC
https://www.chiark.greenend.org.uk/pipermail/adns-announc...
x_refsource_CONFIRM
http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=ad...
x_refsource_CONFIRM

CVSS V3.1

Score:
7.5
Severity:
HIGH
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.