CVE-2017-1000232Double Free in Ldns

CWE-415Double FreeCWE-119Improper Restriction of Operations within the Bounds of a Memory Buffer9 documents8 sources
Severity
9.8CRITICALNVD
OSV2.1
EPSS
0.5%
top 34.24%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
6
Nlnetlabs LdnsDebian LdnsMsrc Cbl2 Ldns 1.7.0-31 ON CBL Mariner 2.0+3 more
Timeline
PublishedNov 17
Latest updateMay 13

Description

A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HExploitability: 3.9 | Impact: 5.9

Affected Packages8 packages

debiandebian/ldns< ldns 1.7.0-4 (bookworm)
Debiannlnetlabs/ldns< 1.7.0-4+3
Ubuntunlnetlabs/ldns< 1.6.17-1ubuntu0.1+1
NVDnlnetlabs/ldns1.7.0

🔴Vulnerability Details

3
GHSA
GHSA-w48v-5pp6-7h96: A double-free vulnerability in str2host2022-05-13
OSV
ldns vulnerabilities2017-11-22
OSV
CVE-2017-1000232: A double-free vulnerability in str2host2017-11-17

📋Vendor Advisories

4
Ubuntu
ldns vulnerabilities2017-11-22
Microsoft
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.2017-11-14
Red Hat
ldns: Memory corruption in ldns_str2rdf_long_str2017-04-26
Debian
CVE-2017-1000232: ldns - A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact ...2017

💬Community

1
Bugzilla
CVE-2017-1000232 ldns: Memory corruption in ldns_str2rdf_long_str2017-11-08