PT-2026-57151 · Bitwizard · Mtr

Marcin Wyczechowski

+1

·

Published

2026-07-10

·

Updated

2026-07-10

·

CVE-2026-14461

CVSS v4.0

5.1

Medium

VectorAV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X
mtr is vulnerable to Out-of-bound read vulnerability in ipinfo lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME field. ipinfo lookup() function uses the length of the response as the end-of-message boundary for dn expand() function. The result is a reliable crash.
This issue exists in the mtr through version 0.96 and it was fixed in commit 48e1794414d338ce47abc0f27c25ade8788af9c3.

Fix

Out of bounds Read

Found an issue in the description? Have something to add? Feel free to write us 👾

Weakness Enumeration

Related Identifiers

CVE-2026-14461

Affected Products

Mtr