CVE-2017-9108

CWE-119Buffer Overflow7 documents6 sources
Severity
7.5HIGH
EPSS
0.5%
top 32.87%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
GNU AdnsFedoraproject FedoraOpensuse Leap
Timeline
PublishedJun 18
Latest updateMay 24

Description

An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages3 packages

NVDgnu/adns< 1.5.2
Debianadns< 1.6.0-2+3
NVDopensuse/leap15.1

Also affects: Fedora 31, 32

🔴Vulnerability Details

3
GHSA
GHSA-33h2-rv7w-ppfj: An issue was discovered in adns before 12022-05-24
OSV
CVE-2017-9108: An issue was discovered in adns before 12020-06-18
CVEList
CVE-2017-9108: An issue was discovered in adns before 12020-06-18

📋Vendor Advisories

1
Debian
CVE-2017-9108: adns - An issue was discovered in adns before 1.5.2. adnshost mishandles a missing fina...2017

💬Community

2
Bugzilla
CVE-2017-9108 adns: improper handling of a missing final newline on a stdin read [fedora-all]2020-06-22
Bugzilla
CVE-2017-9108 adns: improper handling of a missing final newline on a stdin read2020-06-22