PT-2020-8505 · Adns+2 · Adns+2

Published

2020-06-12

Updated

2023-01-28

CVE-2017-9107

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions: adns versions prior to 1.5.2

Description: An issue was discovered in adns where it overruns reading a buffer if a domain ends with a backslash. If the query domain ended with a backslash and adns qf quoteok query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence, potentially leading to a denial of service attack by crashing due to outrunning available memory.

Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider avoiding the use of domains that end with a backslash until the update is applied.

Fix

DoS

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2020-2177

ALT-PU-2020-2191

CVE-2017-9107

OPENSUSE-SU-2020:0827-1

OPENSUSE-SU-2020_0827-1

OPENSUSE-SU-2024:10612-1

SUSE-SU-2020:14399-1

SUSE-SU-2020:1612-1

SUSE-SU-2020_1612-1

Affected Products

Alt Linux

Suse

Adns

PT-2020-8505 · Adns+2 · Adns+2

CVE-2017-9107

Weakness Enumeration

Related Identifiers

Affected Products

References · 28