PT-2020-8507 · Adns+2 · Adns+2

Published

2020-06-12

·

Updated

2023-01-27

·

CVE-2017-9109

CVSS v3.1

9.8

Critical

VectorAV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: adns versions prior to 1.5.2
Description: An issue was discovered in adns where it fails to ignore apparent answers before the first RR that was found the first time. This can cause adns to be confused by interleaving answers for the CNAME target with the CNAME itself, potentially leading to the answer data structure on the heap being overrun. The fix prefers to look only at the answer RRs which come after the CNAME.
Recommendations: For versions prior to 1.5.2, update to version 1.5.2 or later to resolve the issue.

Fix

Buffer Overflow

Found an issue in the description? Have something to add? Feel free to write us 👾
dbugs@ptsecurity.com

Weakness Enumeration

CWE-119

Related Identifiers

ALT-PU-2020-2177
ALT-PU-2020-2191
CVE-2017-9109
OPENSUSE-SU-2020:0827-1
OPENSUSE-SU-2020_0827-1
SUSE-SU-2020:14399-1
SUSE-SU-2020:1612-1
SUSE-SU-2020_1612-1

Affected Products

Alt Linux
Suse
Adns