CVE-2011-3581 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Ldns

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer5 documents5 sources

Severity

6.8MEDIUMNVD

EPSS

4.1%

top 11.45%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nlnetlabs Ldns Debian Ldns

Timeline

PublishedNov 4

Latest updateMay 17

Description

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.

CVSS vector

AV:N/AC:M/C:P/I:P/A:PExploitability: 8.6 | Impact: 6.4

Affected Packages3 packages

▶debiandebian/ldns< ldns 1.6.11-1 (bookworm)

▶Debiannlnetlabs/ldns< 1.6.11-1+3

▶NVDnlnetlabs/ldns1.6.10+25

🔴Vulnerability Details

GHSA

GHSA-jv88-pfrr-vvgm: Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1↗2022-05-17

▶

OSV

CVE-2011-3581: Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1↗2011-11-04

▶

📋Vendor Advisories

Debian

CVE-2011-3581: ldns - Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns ...↗2011

▶

💬Community

Bugzilla

CVE-2011-3581 ldns: heap overflow flaw in ldns_rr_new_frm_str_internal()↗2011-09-24

▶