CVE-2009-1086

Name of the Vulnerable Software and Affected Versions ldns version 1.4.x

Description The issue is related to a heap-based buffer overflow in the ldns rr new frm str internal function, which can be triggered by a DNS resource record with a long class field (clas variable) and possibly a long TTL field. This can cause a denial of service due to memory corruption and potentially allow the execution of arbitrary code. The vulnerability can be exploited remotely.

Recommendations For ldns version 1.4.x, consider disabling the ldns rr new frm str internal function as a temporary workaround until a patch is available. Restrict access to DNS resource records to minimize the risk of exploitation. Avoid using DNS resource records with long class fields (clas variable) and long TTL fields until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.