CVE-2017-9106

CWE-119Buffer Overflow7 documents6 sources
Severity
7.5HIGH
EPSS
0.5%
top 32.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU AdnsFedoraproject Fedora
Timeline
PublishedJun 18
Latest updateMay 24

Description

An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require t

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDgnu/adns< 1.5.2
Debianadns< 1.6.0-2+3

Also affects: Fedora 31, 32

🔴Vulnerability Details

3
GHSA
GHSA-chm6-j4h2-5qc7: An issue was discovered in adns before 12022-05-24
CVEList
CVE-2017-9106: An issue was discovered in adns before 12020-06-18
OSV
CVE-2017-9106: An issue was discovered in adns before 12020-06-18

📋Vendor Advisories

1
Debian
CVE-2017-9106: adns - An issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *d...2017

💬Community

2
Bugzilla
CVE-2017-9106 adns: lack of check for out-of-range integers values can lead to out-of-bounds access2020-06-22
Bugzilla
CVE-2017-9106 adns: lack of check for out-of-range integers values can lead to out-of-bounds access [fedora-all]2020-06-22