Buffer Overflow Issue in adns Affects Multiple Versions
CVE-2017-9108
7.5 HIGH
Summary
A flaw was identified in adns before version 1.5.2: the adnshost component mishandles a missing newline when reading from standard input. In that case the implementation increments the 'used' variable and also sets 'r', which can cause it to read beyond the intended buffer limit. The result may be a crash or unintended leakage of data from the read operation.
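The accounting error described above, as an added example that is not adns source code: a constructed line reader in which `used` and `r` are assumed to interact as in an ordinary read loop, where `used` is later advanced by `r`. The names `fill_line`, `src_read`, `written` and `double_count` are hypothetical, and the function reports how far `used` runs ahead of the bytes actually stored instead of performing the out-of-bounds read.

```c
#include <stdio.h>
#include <string.h>

#define BUF_CAP 64

/* Constructed stand-in for read(2) on stdin: serves bytes from memory. */
struct src { const char *data; size_t len, pos; };

static long src_read(struct src *s, char *dst, size_t n) {
    size_t left = s->len - s->pos;
    if (n > left) n = left;
    memcpy(dst, s->data + s->pos, n);
    s->pos += n;
    return (long)n;                        /* 0 signals end of input */
}

/* Buffers one line. Returns how many bytes `used` claims beyond what was
 * actually written to buf (0 = consistent), or -1 for empty/overlong input.
 * double_count=1 selects the flawed end-of-input handling. */
long fill_line(const char *input, int double_count) {
    char buf[BUF_CAP] = {0};
    struct src s = { input, strlen(input), 0 };
    size_t used = 0, written = 0;

    while (!memchr(buf, '\n', used)) {
        if (used == sizeof buf) return -1;            /* line too long */
        long r = src_read(&s, buf + used, sizeof buf - used);
        if (r == 0) {                                 /* end of input */
            if (used == 0) return -1;                 /* nothing buffered */
            buf[used] = '\n';                         /* supply the missing newline */
            written++;
            if (double_count) { used++; r = 1; }      /* flawed: counted here and below */
            else r = 1;                               /* corrected: behave as read() would */
        } else {
            written += (size_t)r;
        }
        used += (size_t)r;                            /* the one place `used` should grow */
    }
    return (long)(used - written);
}

int main(void) {
    printf("flawed:    used overshoots by %ld\n", fill_line("example.org", 1));
    printf("corrected: used overshoots by %ld\n", fill_line("example.org", 0));
    return 0;
}
```

Any consumer that trusts `used` after the flawed path processes one byte that was never written, which matches the over-read the summary describes.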
CVSS V3.1
Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved