Lucene search

K

MitreCVELIST:CVE-2017-9108

HistoryJun 18, 2020 - 1:05 p.m.

CVE-2017-9108

2020-06-1813:05:46

mitre

www.cve.org

8.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.

References

www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git

www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git%3Ba=blob%3Bf=changelog

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TRVHN3GGVNQWAOL3PWC5FLAV7HUESLZR/

lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UGFZ4SPV6KFQK6ZNUZFB5Y32OYFOM5YJ/

www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html

8.3 High

AI Score

Confidence

High

0.004 Low

EPSS

Percentile

74.4%

Related for CVELIST:CVE-2017-9108

prion1 ubuntucve1 debiancve1 cve1 nvd1 nessus6 altlinux2 openvas5 fedora2 freebsd1 suse1