Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2017-9108

An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.

Published

2020-06-18T14:15:10.593

Last Modified

2024-11-21T03:35:20.200

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 7.5 (HIGH)

CVSSv2 Vector

AV:N/AC:L/Au:N/C:N/I:N/A:P

Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: NONE
Integrity Impact: NONE
Availability Impact: PARTIAL

Exploitability Score

10.0

Impact Score

2.9

Weaknesses

Type: Primary
CWE-119

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	gnu	adns	< 1.5.2	Yes
Operating System	opensuse	leap	15.1	Yes
Operating System	fedoraproject	fedora	31	Yes
Operating System	fedoraproject	fedora	32	Yes

References

http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git Third Party Advisory ([email protected])
http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git%3Ba=blob%3Bf=changelog ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR/ ([email protected])
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ/ ([email protected])
https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html Release Notes, Third Party Advisory ([email protected])
http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git%3Ba=blob%3Bf=changelog (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR/ (af854a3a-2127-422b-91ae-364da2661108)
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ/ (af854a3a-2127-422b-91ae-364da2661108)
https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html Release Notes, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)