logo
DATABASE RESOURCES PRICING ABOUT US

CVE-2020-19861

Description

When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage.


Affected Package


OS OS Version Package Name Package Version
ubuntu 20.04 ldns any
ubuntu 22.04 ldns any
ubuntu upstream ldns 1.8.0
ubuntu 16.04 ldns 1.6.17-8ubuntu0.1+esm1

Related