CVE-2023-50434

Published: Apr 29, 2024

Modified: Aug 2, 2024

PUBLISHED

Description

emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://papers.mathyvanhoef.com/esorics2024.pdf

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2023-50434

Description

Affected Products

References