CVE-2018-17419

Name of the Vulnerable Software and Affected Versions Miek Gieben DNS library versions prior to 1.0.10

Description The issue is related to a parsing error in the dns.ParseZone() function, which can cause a segmentation violation or a panic due to a nil pointer dereference when parsing a malformed zone file containing TA records. This can lead to denial of service.

Recommendations For versions prior to 1.0.10, update to version 1.0.10 or later to resolve the issue. As a temporary workaround, consider avoiding the use of the dns.ParseZone() function for parsing user-supplied input until a patch is available. Restrict access to the setTA function in scan rr.go to minimize the risk of exploitation.