Vulnerability CVE-2017-9108: Information

Description

An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.

Severity: HIGH (7.5) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Published: June 18, 2020
Modified: Nov. 7, 2023
Error type identifier: CWE-119

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
adnssisyphus1.5.2-alt11.6.0-alt2ALT-PU-2020-2177-1253454Fixed
adnsp101.5.2-alt11.6.0-alt1ALT-PU-2020-2177-1253454Fixed
adnsp91.5.2-alt11.5.2-alt1ALT-PU-2020-2191-1253455Fixed
adnsp81.5.2-alt11.5.2-alt1ALT-PU-2020-2213-1253457Fixed
adnsc10f11.5.2-alt11.6.0-alt1ALT-PU-2020-2177-1253454Fixed
adnsc9f21.5.2-alt11.5.2-alt1ALT-PU-2020-2191-1253455Fixed

References to Advisories, Solutions, and Tools

    1. Configuration 1

      cpe:2.3:a:gnu:adns:*:*:*:*:*:*:*:*
      End excliding
      1.5.2

      Configuration 2

      cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*

      Configuration 3

      cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*

      cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*