CVE-2017-9430

Name of the Vulnerable Software and Affected Versions dnstracer versions prior to 1.9

Description The issue is a stack-based buffer overflow that can cause a denial of service, resulting in an application crash, or possibly have other unspecified impacts. This occurs when a command line with a long name argument is mishandled in a strcpy call for argv[0]. A potential threat model involves a web application that launches dnstracer with an untrusted name string.

Recommendations For versions prior to 1.9, consider restricting the use of dnstracer with untrusted input to minimize the risk of exploitation. As a temporary workaround, limit the length of command line arguments passed to dnstracer until a fix is available.