CVE-2017-9103

Published: Jun 18, 2020Modified: Nov 21, 2024

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records.

Affected (4)

Products: Gnu: Adns · Opensuse: Leap · Fedoraproject: Fedora

1 product

1 product

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Gnu Adns	Before 1.5.2

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Opensuse Leap	Version 15.1

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 31
Fedoraproject Fedora	Version 32

Related CWEs

Improper Restriction of Operations within the Bounds of a Memory Buffer

The product performs operations on a memory buffer, but it reads from or writes to a memory location outside the buffer's intended boundary. This may result in read or write operations on unexpected memory locations that could be linked to other variables, data structures, or internal program data.

References (12)

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00037.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git

Source: cve@mitre.org

Third Party Advisory

http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git%3Ba=blob%3Bf=changelog

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR/

Source: cve@mitre.org

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ/

Source: cve@mitre.org

https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html

Source: cve@mitre.org

Release NotesThird Party Advisory

http://lists.opensuse.org/opensuse-security-announce/2020-06/msg00037.html

Source: af854a3a-2127-422b-91ae-364da2661108

Mailing ListThird Party Advisory

http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party Advisory

http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git%3Ba=blob%3Bf=changelog

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR/

Source: af854a3a-2127-422b-91ae-364da2661108

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ/

Source: af854a3a-2127-422b-91ae-364da2661108

https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release NotesThird Party Advisory

Timeline

No history available yet.