CVE-2017-9105

CWE-476 โ€” NULL Pointer Dereference7 documents6 sources
Severity
8.8HIGH
EPSS
3.2%
top 12.98%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU AdnsFedoraproject Fedora
Timeline
PublishedJun 18
Latest updateMay 24

Description

An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages2 packages

โ–ถNVDgnu/adns< 1.5.2
โ–ถDebianadns< 1.6.0-2+3

Also affects: Fedora 31, 32

๐Ÿ”ดVulnerability Details

3
GHSA
GHSA-5g8r-gfq9-rv9g: An issue was discovered in adns before 1โ†—2022-05-24
โ–ถ
OSV
CVE-2017-9105: An issue was discovered in adns before 1โ†—2020-06-18
โ–ถ
CVEList
CVE-2017-9105: An issue was discovered in adns before 1โ†—2020-06-18
โ–ถ

๐Ÿ“‹Vendor Advisories

1
Debian
CVE-2017-9105: adns - An issue was discovered in adns before 1.5.2. It corrupts a pointer when a names...โ†—2017
โ–ถ

๐Ÿ’ฌCommunity

2
Bugzilla
CVE-2017-9105 adns: pointer corruption when a nameserver speaks first because of a wrong number of pointer dereferences [fedora-all]โ†—2020-06-22
โ–ถ
Bugzilla
CVE-2017-9105 adns: pointer corruption when a nameserver speaks first because of a wrong number of pointer dereferencesโ†—2020-06-22
โ–ถ