First published: Thu Jun 18 2020(Updated: )
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not properly check st from adns__findlabel_next. Without this, an uninitialised stack value can be used as the first label length. Depending on the circumstances, an attacker might be able to trick adns into crashing the calling program, leaking aspects of the contents of some of its memory, causing it to allocate lots of memory, or perhaps overrunning a buffer. This is only possible with applications which make non-raw queries for SOA or RP records.
Credit: cve@mitre.org
Affected Software | Affected Version | How to fix |
---|---|---|
GNU adns | <1.5.2 | |
openSUSE Leap | =15.1 | |
Fedoraproject Fedora | =31 | |
Fedoraproject Fedora | =32 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
CVE-2017-9103 is a vulnerability discovered in adns before version 1.5.2.
CVE-2017-9103 has a severity rating of 9.8 (critical).
GNU adns versions before 1.5.2 are affected by CVE-2017-9103.
openSUSE Leap 15.1 is affected by CVE-2017-9103.
Fedoraproject Fedora 31 and 32 are affected by CVE-2017-9103.
Yes, updating to adns version 1.5.2 or later fixes CVE-2017-9103.