PT-2024-13939 · Emdns · Emdns

Published: 2024-04-29 · Updated: 2024-08-01 · CVE-2023-50434

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions: emdns versions through fbd1eef
Description: The issue arises in the emdns_resolve_raw function in emdns.c, which calls strlen on input that may not be 0-terminated, leading to a stack-based buffer over-read. It can be triggered by a remote adversary who can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture.
Recommendations: For emdns versions through fbd1eef, as a temporary workaround, consider restricting access to the emdns server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
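The bug class in the description (strlen on a buffer that may lack a terminator) next to a bounded alternative, as an added example that is not emdns code. The function names, the NAME_MAX_LEN buffer size and the sample bytes are assumptions made for illustration.

```c
#include <stddef.h>
#include <string.h>

#define NAME_MAX_LEN 64  /* assumed size of the stack buffer holding a name */

/* Unsafe pattern: strlen() reads until it meets a 0 byte, so a buffer
 * without a terminator is read past its end (the over-read). */
size_t name_len_unsafe(const char *name)
{
    return strlen(name);
}

/* Bounded form: search for the terminator only inside the buffer.
 * Returns 0 and stores the length, or -1 if no 0 byte exists within
 * cap bytes, in which case the caller should drop the request. */
int name_len_checked(const char *name, size_t cap, size_t *out_len)
{
    const char *end = memchr(name, '\0', cap);
    if (end == NULL)
        return -1;
    *out_len = (size_t)(end - name);
    return 0;
}

/* Copy untrusted bytes into a fixed buffer and guarantee termination.
 * Returns the stored length, or -1 if the input cannot be stored safely. */
int store_name(char dst[NAME_MAX_LEN], const unsigned char *src, size_t src_len)
{
    if (src_len >= NAME_MAX_LEN)       /* keep one byte for the terminator */
        return -1;
    if (memchr(src, '\0', src_len))    /* embedded 0 would truncate the name */
        return -1;
    memcpy(dst, src, src_len);
    dst[src_len] = '\0';
    return (int)src_len;
}

int main(void)
{
    /* constructed sample: a full buffer with no terminator anywhere */
    char raw[NAME_MAX_LEN];
    size_t len = 0;
    memset(raw, 'a', sizeof raw);
    return name_len_checked(raw, sizeof raw, &len) == -1 ? 0 : 1;
}
```

Building a test harness around the parser with `-fsanitize=address` makes the unsafe variant fail loudly on unterminated input, which is a quick way to confirm whether a given build is exposed.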

Stack Overflow

Weakness Enumeration

Related Identifiers

CVE-2023-50434

Affected Products

Emdns