CVE-2017-1000231 — Double Free in Ldns

CWE-415 — Double Free CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer8 documents7 sources

Severity

9.8CRITICALNVD

OSV2.1

EPSS

0.5%

top 32.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Nlnetlabs Ldns Debian Ldns

Timeline

PublishedNov 17

Latest updateMay 14

Description

A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages4 packages

▶debiandebian/ldns< ldns 1.7.0-4 (bookworm)

▶Debiannlnetlabs/ldns< 1.7.0-4+3

▶Ubuntunlnetlabs/ldns< 1.6.17-1ubuntu0.1+1

▶NVDnlnetlabs/ldns1.7.0

Patches

Patch: www.nlnetlabs.nl ↗Patch: www.nlnetlabs.nl ↗

🔴Vulnerability Details

GHSA

GHSA-r9hw-j2qr-6m8c: A double-free vulnerability in parse↗2022-05-14

▶

OSV

ldns vulnerabilities↗2017-11-22

▶

OSV

CVE-2017-1000231: A double-free vulnerability in parse↗2017-11-17

▶

📋Vendor Advisories

Ubuntu

ldns vulnerabilities↗2017-11-22

▶

Red Hat

ldns: Memory corruption in ldns_rr_new_frm_fp_l↗2017-04-25

▶

Debian

CVE-2017-1000231: ldns - A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and...↗2017

▶

💬Community

Bugzilla

CVE-2017-1000231 ldns: Memory corruption in ldns_rr_new_frm_fp_l↗2017-11-08

▶