CVE-2017-9106

Name of the Vulnerable Software and Affected Versions: adns versions prior to 1.5.2

Description: An issue was discovered in adns where adns rr info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer, which can be overrun if the input is out of range. This can cause a serious security problem, particularly with sign extending SOA 32-bit integer fields and the use of a signed data type. The lack of a check for the actual permitted range of integer values can lead to a buffer overrun when the sign extended SOA value is out of range and reconverted.

Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider adding checks for the actual permitted range of integer values to defend against out-of-range integer values and return adns s invaliddata if not.