CVE-2023-50434

2024-04-2922:15:06

[email protected]

web.nvd.nist.gov

emdns_resolve_raw

buffer over-read

remote adversary

dns requests

system libraries

compiler

processor architecture

7.2 High

AI Score

Confidence

Low

0.0004 Low

EPSS

Percentile

9.1%

JSON

emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be ‘\0’ terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected.

References

papers.mathyvanhoef.com/esorics2024.pdf