Back to search
CVE-2017-9108
Published: Jun 18, 2020
Modified: Aug 5, 2024
PUBLISHED
Description
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git
x_refsource_MISC
https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html
x_refsource_CONFIRM
FEDORA-2020-530188bf36
vendor-advisory
x_refsource_FEDORA
FEDORA-2020-e59bcaf702
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now