CVE-2017-9105 - An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first b

CVE-2017-9105

Summary

An issue was discovered in adns before 1.5.2. It corrupts a pointer when a nameserver speaks first because of a wrong number of pointer dereferences. This bug may well be exploitable as a remote code execution.

References

Vulnerable Configurations

cpe:2.3:a:gnu:adns:*:*:*:*:*:*:*:*
cpe:2.3:a:gnu:adns:*:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*
cpe:2.3:o:fedoraproject:fedora:32:*:*:*:*:*:*:*

CVSS

Base:	7.5 (as of 27-01-2023 - 19:00)
Impact:
Exploitability:

CWE

CWE-476

CAPEC

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:P/I:P/A:P

refmap via4

confirm	http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=blob;f=changelog https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html
fedora	FEDORA-2020-530188bf36 FEDORA-2020-e59bcaf702
misc	http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git

Last major update

27-01-2023 - 19:00

Published

18-06-2020 - 14:15

Last modified

27-01-2023 - 19:00