CVE-2017-9108

Name of the Vulnerable Software and Affected Versions: adns versions prior to 1.5.2

Description: An issue was discovered in adns where adnshost mishandles a missing final newline on a stdin read. This can cause adnshost to read and process one byte beyond the buffer, potentially crashing or leaking the value of that byte. The issue arises because used is incremented according to r later, but it is incorrectly incremented along with setting r. Instead, the code should behave as the read() function would.

Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue. As a temporary workaround, consider modifying the adnshost code to correctly handle the missing final newline on stdin reads, ensuring that used is not incremented prematurely.