Name Resolution Vulnerability in ADNS by Ian Lynagh
CVE-2017-9109

9.8 CRITICAL

Key Information:

Vendor: Gnu
Status
Vendor
CVE Published: 18 June 2020

Summary

A name resolution vulnerability exists in ADNS versions prior to 1.5.2, where the parser fails to properly ignore extraneous responses before the first Resource Record (RR). This oversight can lead to confusion when processing interleaved CNAME answers, potentially causing a memory overrun in the answer data structure on the heap. The correct processing approach, which has been implemented in later versions, ensures that the system only considers RRs following the CNAME, thereby mitigating the risk of incorrect data handling.

CVSS V3.1

Score: 9.8
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
