CVE-2017-9107

CWE-119Buffer Overflow7 documents6 sources
Severity
7.5HIGH
EPSS
0.5%
top 32.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
GNU AdnsFedoraproject Fedora
Timeline
PublishedJun 18
Latest updateMay 24

Description

An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adns_qf_quoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query d

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

NVDgnu/adns< 1.5.2
Debianadns< 1.6.0-2+3

Also affects: Fedora 31, 32

🔴Vulnerability Details

3
GHSA
GHSA-8gwr-xmc5-5jfv: An issue was discovered in adns before 12022-05-24
OSV
CVE-2017-9107: An issue was discovered in adns before 12020-06-18
CVEList
CVE-2017-9107: An issue was discovered in adns before 12020-06-18

📋Vendor Advisories

1
Debian
CVE-2017-9107: adns - An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a ...2017

💬Community

2
Bugzilla
CVE-2017-9107 adns: out-of-bounds read when a domain ends with backslash2020-06-22
Bugzilla
CVE-2017-9107 adns: out-of-bounds read when a domain ends with backslash [fedora-all]2020-06-22