PT-2020-15009 · Fnet · Fnet
Published: 2020-12-11
Updated: 2023-10-12
CVE-2020-17467
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H
Name of the Vulnerable Software and Affected Versions
FNET versions through 4.6.4
Description
An issue was discovered in the code for processing the hostname from an LLMNR request, which doesn't check for '\0' termination. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN.
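The missing check, sketched as an added example (not FNET's code and not the upstream fix): a bounds-checked walk of the hostname in an LLMNR query, modelled in DNS wire format, that rejects a name with no terminator inside the received datagram. The function name, constants and sample packets are assumptions constructed for illustration.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define LLMNR_HEADER_LEN 12u  /* LLMNR reuses the 12-byte DNS header (RFC 4795) */
#define DNS_LABEL_MAX    63u  /* longest single label */
#define DNS_NAME_MAX     255u /* longest encoded name, terminator included */

/* Hypothetical helper: returns the encoded length of the first question name
 * (terminating zero byte included), or -1 when the name is not terminated
 * inside the 'len' bytes that were actually received. */
int llmnr_qname_len(const uint8_t *pkt, size_t len)
{
    size_t off = LLMNR_HEADER_LEN;
    if (pkt == NULL)
        return -1;
    for (;;) {
        uint8_t label;
        if (off >= len)
            return -1;                 /* ran off the datagram: no terminator */
        label = pkt[off];
        if (label == 0) {
            off++;                     /* count the terminator itself */
            break;
        }
        if (label > DNS_LABEL_MAX)
            return -1;                 /* pointer or reserved label type */
        off += 1u + label;
        if (off - LLMNR_HEADER_LEN >= DNS_NAME_MAX)
            return -1;                 /* no room left for a terminator */
    }
    if (len - off < 4u)
        return -1;                     /* QTYPE and QCLASS must follow */
    return (int)(off - LLMNR_HEADER_LEN);
}

/* Constructed samples: header with QDCOUNT=1, then the question section. */
static const uint8_t SAMPLE_OK[] = {
    0,0,0,0,0,1,0,0,0,0,0,0, 4,'h','o','s','t',0, 0,1, 0,1 };
static const uint8_t SAMPLE_UNTERMINATED[] = {
    0,0,0,0,0,1,0,0,0,0,0,0, 4,'h','o','s','t', 0x3f,'A','A' };

int main(void)
{
    printf("ok=%d unterminated=%d\n",
           llmnr_qname_len(SAMPLE_OK, sizeof SAMPLE_OK),
           llmnr_qname_len(SAMPLE_UNTERMINATED, sizeof SAMPLE_UNTERMINATED));
    return 0;
}
```

A responder that copies the name into its reply should use only the length returned here, never a length derived by scanning for a zero byte past the end of the received data.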
Recommendations
For versions through 4.6.4, consider disabling the _fnet_llmnr_poll function in fnet_llmnr.c to minimize the risk of exploitation until a patch is available. Restrict access to the DNS class IN to reduce the likelihood of malicious requests.
Fix
Out of bounds Read
Weakness Enumeration
Related Identifiers
Affected Products
Fnet