21 vulnerabilities found for ldns by nlnetlabs
FKIE_CVE-2020-19861
Vulnerability from fkie_nvd - Published: 2022-01-21 15:15 - Updated: 2024-11-21 05:09
Summary
When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data places too much trust in the length value obtained from the zone file. When the memcpy is performed, 0xfe - ldns_rdf_size(salt_rdf) bytes of data can be copied, causing heap overflow information leakage.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://cwe.mitre.org/data/definitions/126.html | Third Party Advisory |
| cve@mitre.org | https://github.com/NLnetLabs/ldns/issues/51 | Exploit, Issue Tracking, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://cwe.mitre.org/data/definitions/126.html | Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/NLnetLabs/ldns/issues/51 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "861B4CD2-F963-496B-A68B-2021E8A01A3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage."
},
{
"lang": "es",
"value": "Cuando es analizado un archivo de zona en ldns versi\u00f3n 1.7.1, la funci\u00f3n ldns_nsec3_salt_data es demasiado confiable para el valor de longitud obtenido del archivo de zona. Cuando es copiado el memcpy, los datos de bytes 0xfe - ldns_rdf_size(salt_rdf) pueden ser copiados, causando un filtrado de informaci\u00f3n por desbordamiento de pila"
}
],
"id": "CVE-2020-19861",
"lastModified": "2024-11-21T05:09:26.213",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-21T15:15:07.607",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/NLnetLabs/ldns/issues/51"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Third Party Advisory"
],
"url": "https://cwe.mitre.org/data/definitions/126.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/NLnetLabs/ldns/issues/51"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2020-19860
Vulnerability from fkie_nvd - Published: 2022-01-21 14:15 - Updated: 2024-11-21 05:09
Summary
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.
References
| Source | URL | Tags |
|---|---|---|
| cve@mitre.org | https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3 | Patch, Third Party Advisory |
| cve@mitre.org | https://github.com/NLnetLabs/ldns/issues/50 | Exploit, Issue Tracking, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3 | Patch, Third Party Advisory |
| af854a3a-2127-422b-91ae-364da2661108 | https://github.com/NLnetLabs/ldns/issues/50 | Exploit, Issue Tracking, Third Party Advisory |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.7.1:*:*:*:*:*:*:*",
"matchCriteriaId": "861B4CD2-F963-496B-A68B-2021E8A01A3C",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload."
},
{
"lang": "es",
"value": "Cuando ldns versi\u00f3n 1.7.1, verifica un archivo de zona, la funci\u00f3n ldns_rr_new_frm_str_internal presenta una vulnerabilidad de lectura fuera de l\u00edmites de la pila. Un atacante puede filtrar informaci\u00f3n en la pila al construir una carga \u00fatil de archivo de zona"
}
],
"id": "CVE-2020-19860",
"lastModified": "2024-11-21T05:09:26.067",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 4.3,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": true
}
],
"cvssMetricV31": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 2.8,
"impactScore": 3.6,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2022-01-21T14:15:07.690",
"references": [
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/NLnetLabs/ldns/issues/50"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Issue Tracking",
"Third Party Advisory"
],
"url": "https://github.com/NLnetLabs/ldns/issues/50"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Modified",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-125"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1000232
Vulnerability from fkie_nvd - Published: 2017-11-17 04:29 - Updated: 2025-04-20 01:37
Summary
A double-free vulnerability in str2host.c in ldns 1.7.0 has unspecified impact and attack vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "643F3409-3F32-4CAC-875A-4D63CEDFF472",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de doble liberaci\u00f3n (double free) en str2host.c en ldns 1.7.0 provoca un impacto y origina vectores de ataque no especificados."
}
],
"id": "CVE-2017-1000232",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-17T04:29:00.310",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Exploit",
"Vendor Advisory"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2017-1000231
Vulnerability from fkie_nvd - Published: 2017-11-17 04:29 - Updated: 2025-04-20 01:37
Summary
A double-free vulnerability in parse.c in ldns 1.7.0 has unspecified impact and attack vectors.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.7.0:*:*:*:*:*:*:*",
"matchCriteriaId": "643F3409-3F32-4CAC-875A-4D63CEDFF472",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors."
},
{
"lang": "es",
"value": "Una vulnerabilidad de doble liberaci\u00f3n (double free) en parse.c en ldns 1.7.0 provoca un impacto y origina vectores de ataque no especificados."
}
],
"id": "CVE-2017-1000231",
"lastModified": "2025-04-20T01:37:25.860",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": true,
"baseSeverity": "HIGH",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 7.5,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
],
"cvssMetricV30": [
{
"cvssData": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.0"
},
"exploitabilityScore": 3.9,
"impactScore": 5.9,
"source": "nvd@nist.gov",
"type": "Primary"
}
]
},
"published": "2017-11-17T04:29:00.247",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html"
},
{
"source": "cve@mitre.org",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Patch",
"Vendor Advisory"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-415"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2014-3209
Vulnerability from fkie_nvd - Published: 2014-11-16 01:59 - Updated: 2025-04-12 10:46
Summary
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F2C75EA-303D-4A6B-9D29-027F4113AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D538E205-514C-4F3B-A321-6C12DFE818C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB72815C-BD06-4D00-A56A-55758ADC9422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A734953E-97F4-4E59-BDEA-68B0F762C5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C11E750-99FB-4CF6-AE58-35BF90010C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "544526A4-1581-49C0-8725-369CEF426937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F850CB5B-66A3-4DCD-AF3D-4EC4E99A3301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5F144E4B-73E6-456E-8FDE-57AB68A27CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E343A1CE-D4C9-4A04-B5C6-604447CC22F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "166CA872-3BA7-41C4-909B-F556EF947866",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.10:*:*:*:*:*:*:*",
"matchCriteriaId": "50A33BD2-638D-4B50-A194-BC0CA0457B9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.11:*:*:*:*:*:*:*",
"matchCriteriaId": "C59AB101-32DD-426E-89EC-8BBC31F4D67D",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file."
},
{
"lang": "es",
"value": "La herramienta Idns-keygen en Idns 1.6.x utiliza la umask actual para configurar los privilegios de la clave privada, lo que podr\u00eda permitir a usuarios locales obtener la clave privada mediante la lectura del archivo."
}
],
"id": "CVE-2014-3209",
"lastModified": "2025-04-12T10:46:40.837",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "LOW",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 2.1,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.9,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2014-11-16T01:59:03.163",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2014/05/03/2"
},
{
"source": "secalert@redhat.com",
"url": "http://www.openwall.com/lists/oss-security/2014/05/05/4"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/67200"
},
{
"source": "secalert@redhat.com",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758"
},
{
"source": "secalert@redhat.com",
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/03/2"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2014/05/05/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/67200"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-264"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2011-3581
Vulnerability from fkie_nvd - Published: 2011-11-04 21:55 - Updated: 2025-04-11 00:51
Summary
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.
References
Impacted products
| Vendor | Product | Version |
|---|---|---|
| nlnetlabs | ldns | * |
| nlnetlabs | ldns | 0.50 |
| nlnetlabs | ldns | 0.60 |
| nlnetlabs | ldns | 0.65 |
| nlnetlabs | ldns | 0.66 |
| nlnetlabs | ldns | 0.70 |
| nlnetlabs | ldns | 1.0.0 |
| nlnetlabs | ldns | 1.1.0 |
| nlnetlabs | ldns | 1.2.0 |
| nlnetlabs | ldns | 1.2.1 |
| nlnetlabs | ldns | 1.2.2 |
| nlnetlabs | ldns | 1.3 |
| nlnetlabs | ldns | 1.4.0 |
| nlnetlabs | ldns | 1.4.1 |
| nlnetlabs | ldns | 1.5.0 |
| nlnetlabs | ldns | 1.5.1 |
| nlnetlabs | ldns | 1.6.0 |
| nlnetlabs | ldns | 1.6.1 |
| nlnetlabs | ldns | 1.6.2 |
| nlnetlabs | ldns | 1.6.3 |
| nlnetlabs | ldns | 1.6.4 |
| nlnetlabs | ldns | 1.6.5 |
| nlnetlabs | ldns | 1.6.6 |
| nlnetlabs | ldns | 1.6.7 |
| nlnetlabs | ldns | 1.6.8 |
| nlnetlabs | ldns | 1.6.9 |
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:*:*:*:*:*:*:*:*",
"matchCriteriaId": "0FAAE9A5-856A-4700-BDDF-068341148A24",
"versionEndIncluding": "1.6.10",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:0.50:*:*:*:*:*:*:*",
"matchCriteriaId": "8833B0F4-9810-4AB6-A15A-C5DB4E2A8CDE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:0.60:*:*:*:*:*:*:*",
"matchCriteriaId": "B738328F-A547-4EC2-B16E-4387A60068F1",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:0.65:*:*:*:*:*:*:*",
"matchCriteriaId": "112848BE-2A97-4501-AE12-A3335C0D8E46",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:0.66:*:*:*:*:*:*:*",
"matchCriteriaId": "DF2715C8-63C4-43A5-AB38-3C682D5B36F6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:0.70:*:*:*:*:*:*:*",
"matchCriteriaId": "3D332B67-C682-4805-A027-4EE3D863E143",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.0.0:*:*:*:*:*:*:*",
"matchCriteriaId": "D07AB479-B917-4E35-923E-26BA6892B638",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.1.0:*:*:*:*:*:*:*",
"matchCriteriaId": "A0834861-0A50-4D6C-B3AE-4317125A12A3",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.2.0:*:*:*:*:*:*:*",
"matchCriteriaId": "5C3C72D3-C619-4CD6-A262-B3A6D548755C",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.2.1:*:*:*:*:*:*:*",
"matchCriteriaId": "911F986F-F9F2-45F4-B2C1-7ECF8374DD9E",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.2.2:*:*:*:*:*:*:*",
"matchCriteriaId": "77FD9D1D-AF2B-4D5E-8C0F-FCB246F67CF4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.3:*:*:*:*:*:*:*",
"matchCriteriaId": "E2EAB456-1640-4E2E-9CFF-D5621AE838ED",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7036E2A8-39EB-45D1-B0A5-80C35F737281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B747B09-4C10-4F06-9E75-08C220ABED84",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.5.0:*:*:*:*:*:*:*",
"matchCriteriaId": "1B3045A3-7790-465A-A2E1-4DD50887E1B9",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.5.1:*:*:*:*:*:*:*",
"matchCriteriaId": "442A3169-330A-4357-BA54-D025F965FFFD",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7F2C75EA-303D-4A6B-9D29-027F4113AC66",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.1:*:*:*:*:*:*:*",
"matchCriteriaId": "D538E205-514C-4F3B-A321-6C12DFE818C6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.2:*:*:*:*:*:*:*",
"matchCriteriaId": "FB72815C-BD06-4D00-A56A-55758ADC9422",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.3:*:*:*:*:*:*:*",
"matchCriteriaId": "A734953E-97F4-4E59-BDEA-68B0F762C5D6",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.4:*:*:*:*:*:*:*",
"matchCriteriaId": "9C11E750-99FB-4CF6-AE58-35BF90010C88",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.5:*:*:*:*:*:*:*",
"matchCriteriaId": "544526A4-1581-49C0-8725-369CEF426937",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.6:*:*:*:*:*:*:*",
"matchCriteriaId": "F850CB5B-66A3-4DCD-AF3D-4EC4E99A3301",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.7:*:*:*:*:*:*:*",
"matchCriteriaId": "5F144E4B-73E6-456E-8FDE-57AB68A27CEE",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.8:*:*:*:*:*:*:*",
"matchCriteriaId": "E343A1CE-D4C9-4A04-B5C6-604447CC22F4",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.6.9:*:*:*:*:*:*:*",
"matchCriteriaId": "166CA872-3BA7-41C4-909B-F556EF947866",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length."
},
{
"lang": "es",
"value": "Desboramiento de buffer basado en memoria din\u00e1mica en la funci\u00f3n ldns_rr_new_frm_str_internal en ldns antes de v1.6.11, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (ca\u00edda) y posiblemente ejecutar c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un Resource Record (RR) con una entrada que contiene un tipo desconocido m\u00e1s largo del tama\u00f1o especificado"
}
],
"id": "CVE-2011-3581",
"lastModified": "2025-04-11T00:51:21.963",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "MEDIUM",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.8,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:M/Au:N/C:P/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 8.6,
"impactScore": 6.4,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2011-11-04T21:55:06.037",
"references": [
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html"
},
{
"source": "secalert@redhat.com",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.html"
},
{
"source": "secalert@redhat.com",
"url": "http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2011/q3/503"
},
{
"source": "secalert@redhat.com",
"url": "http://seclists.org/oss-sec/2011/q3/542"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46470"
},
{
"source": "secalert@redhat.com",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46476"
},
{
"source": "secalert@redhat.com",
"url": "http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403"
},
{
"source": "secalert@redhat.com",
"url": "http://www.securityfocus.com/bid/49748"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2011/q3/503"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://seclists.org/oss-sec/2011/q3/542"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46470"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"tags": [
"Vendor Advisory"
],
"url": "http://secunia.com/advisories/46476"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/49748"
}
],
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-119"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
FKIE_CVE-2009-1086
Vulnerability from fkie_nvd - Published: 2009-03-25 18:30 - Updated: 2025-04-09 00:30
Summary
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
References
{
"configurations": [
{
"nodes": [
{
"cpeMatch": [
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.4.0:*:*:*:*:*:*:*",
"matchCriteriaId": "7036E2A8-39EB-45D1-B0A5-80C35F737281",
"vulnerable": true
},
{
"criteria": "cpe:2.3:a:nlnetlabs:ldns:1.4.1:*:*:*:*:*:*:*",
"matchCriteriaId": "2B747B09-4C10-4F06-9E75-08C220ABED84",
"vulnerable": true
}
],
"negate": false,
"operator": "OR"
}
]
}
],
"cveTags": [],
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field."
},
{
"lang": "es",
"value": "Desbordamiento de b\u00fafer basado en mont\u00edculo en la funci\u00f3n ldns_rr_new_frm_str_internal en ldns v1.4.x, permite a atacantes remotos provocar una denegaci\u00f3n de servicio (corrupci\u00f3n de memoria) y posiblemente la ejecuci\u00f3n de c\u00f3digo de su elecci\u00f3n a trav\u00e9s de un registro de recurso (RR) con un (1) campo \"class\" (variable \"class\") largo y posiblemente con (2) un campo largo TTL."
}
],
"id": "CVE-2009-1086",
"lastModified": "2025-04-09T00:30:58.490",
"metrics": {
"cvssMetricV2": [
{
"acInsufInfo": false,
"baseSeverity": "MEDIUM",
"cvssData": {
"accessComplexity": "LOW",
"accessVector": "NETWORK",
"authentication": "NONE",
"availabilityImpact": "PARTIAL",
"baseScore": 6.4,
"confidentialityImpact": "NONE",
"integrityImpact": "PARTIAL",
"vectorString": "AV:N/AC:L/Au:N/C:N/I:P/A:P",
"version": "2.0"
},
"exploitabilityScore": 10.0,
"impactScore": 4.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"source": "nvd@nist.gov",
"type": "Primary",
"userInteractionRequired": false
}
]
},
"published": "2009-03-25T18:30:00.547",
"references": [
{
"source": "cve@mitre.org",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35013"
},
{
"source": "cve@mitre.org",
"url": "http://secunia.com/advisories/35065"
},
{
"source": "cve@mitre.org",
"url": "http://www.debian.org/security/2009/dsa-1795"
},
{
"source": "cve@mitre.org",
"url": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232"
},
{
"source": "cve@mitre.org",
"url": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog"
},
{
"source": "cve@mitre.org",
"url": "http://www.openwall.com/lists/oss-security/2009/03/24/4"
},
{
"source": "cve@mitre.org",
"url": "http://www.securityfocus.com/bid/34233"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35013"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://secunia.com/advisories/35065"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.debian.org/security/2009/dsa-1795"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.openwall.com/lists/oss-security/2009/03/24/4"
},
{
"source": "af854a3a-2127-422b-91ae-364da2661108",
"url": "http://www.securityfocus.com/bid/34233"
}
],
"sourceIdentifier": "cve@mitre.org",
"vulnStatus": "Deferred",
"weaknesses": [
{
"description": [
{
"lang": "en",
"value": "CWE-399"
}
],
"source": "nvd@nist.gov",
"type": "Primary"
}
]
}
CVE-2020-19861 (GCVE-0-2020-19861)
Vulnerability from cvelistv5 – Published: 2022-01-21 14:22 – Updated: 2024-08-04 14:15
Summary
When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NLnetLabs/ldns/issues/51"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/126.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NLnetLabs/ldns/issues/51"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/126.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NLnetLabs/ldns/issues/51",
"refsource": "MISC",
"url": "https://github.com/NLnetLabs/ldns/issues/51"
},
{
"name": "https://cwe.mitre.org/data/definitions/126.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/126.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19861",
"datePublished": "2022-01-21T14:22:16",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19860 (GCVE-0-2020-19860)
Vulnerability from cvelistv5 – Published: 2022-01-21 13:40 – Updated: 2024-08-04 14:15
Summary
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NLnetLabs/ldns/issues/50"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T13:40:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NLnetLabs/ldns/issues/50"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NLnetLabs/ldns/issues/50",
"refsource": "MISC",
"url": "https://github.com/NLnetLabs/ldns/issues/50"
},
{
"name": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3",
"refsource": "MISC",
"url": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19860",
"datePublished": "2022-01-21T13:40:44",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000231 (GCVE-0-2017-1000231)
Vulnerability from cvelistv5 – Published: 2017-11-17 04:00 – Updated: 2024-08-05 21:53
Summary
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:07.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1182-1] ldns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
},
{
"name": "openSUSE-SU-2020:0438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00",
"datePublic": "2017-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T05:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1182-1] ldns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
},
{
"name": "openSUSE-SU-2020:0438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.460075",
"ID": "CVE-2017-1000231",
"REQUESTER": "stephan.zeisberg@splone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1182-1] ldns security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html"
},
{
"name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256",
"refsource": "MISC",
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
},
{
"name": "openSUSE-SU-2020:0438",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000231",
"datePublished": "2017-11-17T04:00:00",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-08-05T21:53:07.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000232 (GCVE-0-2017-1000232)
Vulnerability from cvelistv5 – Published: 2017-11-17 04:00 – Updated: 2024-08-05 21:53
Summary
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:07.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
},
{
"name": "openSUSE-SU-2020:0438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00",
"datePublic": "2017-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T05:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
},
{
"name": "openSUSE-SU-2020:0438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.461002",
"ID": "CVE-2017-1000232",
"REQUESTER": "stephan.zeisberg@splone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257",
"refsource": "MISC",
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
},
{
"name": "openSUSE-SU-2020:0438",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000232",
"datePublished": "2017-11-17T04:00:00",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-08-05T21:53:07.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3209 (GCVE-0-2014-3209)
Vulnerability from cvelistv5 – Published: 2014-11-16 01:00 – Updated: 2024-08-06 10:35
Summary
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140503 ldns-keygen creates private key world readable",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/03/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573"
},
{
"name": "[oss-security] 20140504 Re: ldns-keygen creates private key world readable",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/05/4"
},
{
"name": "67200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-16T00:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20140503 ldns-keygen creates private key world readable",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/03/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573"
},
{
"name": "[oss-security] 20140504 Re: ldns-keygen creates private key world readable",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/05/4"
},
{
"name": "67200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67200"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3209",
"datePublished": "2014-11-16T01:00:00",
"dateReserved": "2014-05-03T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3581 (GCVE-0-2011-3581)
Vulnerability from cvelistv5 – Published: 2011-11-04 21:00 – Updated: 2024-08-06 23:37
Summary
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46476"
},
{
"name": "49748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49748"
},
{
"name": "[oss-security] 20110930 Re: CVE request: heap-based buffer overflow in ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2011/q3/542"
},
{
"name": "46470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46470"
},
{
"name": "[oss-security] 20110924 CVE request: heap-based buffer overflow in ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2011/q3/503"
},
{
"name": "FEDORA-2011-13929",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403"
},
{
"name": "FEDORA-2011-13915",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html"
},
{
"name": "FEDORA-2011-13895",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog"
},
{
"name": "openSUSE-SU-2011:1161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "46476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46476"
},
{
"name": "49748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49748"
},
{
"name": "[oss-security] 20110930 Re: CVE request: heap-based buffer overflow in ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2011/q3/542"
},
{
"name": "46470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46470"
},
{
"name": "[oss-security] 20110924 CVE request: heap-based buffer overflow in ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2011/q3/503"
},
{
"name": "FEDORA-2011-13929",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403"
},
{
"name": "FEDORA-2011-13915",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html"
},
{
"name": "FEDORA-2011-13895",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog"
},
{
"name": "openSUSE-SU-2011:1161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3581",
"datePublished": "2011-11-04T21:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1086 (GCVE-0-2009-1086)
Vulnerability from cvelistv5 – Published: 2009-03-25 18:00 – Updated: 2024-08-07 04:57
Summary
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35013"
},
{
"name": "[oss-security] 20090324 CVE id request: ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/24/4"
},
{
"name": "34233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34233"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "DSA-1795",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-13T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35013"
},
{
"name": "[oss-security] 20090324 CVE id request: ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/24/4"
},
{
"name": "34233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34233"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "DSA-1795",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1795"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35013"
},
{
"name": "[oss-security] 20090324 CVE id request: ldns",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/24/4"
},
{
"name": "34233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34233"
},
{
"name": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog",
"refsource": "CONFIRM",
"url": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232",
"refsource": "MISC",
"url": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "DSA-1795",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1795"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1086",
"datePublished": "2009-03-25T18:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19861 (GCVE-0-2020-19861)
Vulnerability from nvd – Published: 2022-01-21 14:22 – Updated: 2024-08-04 14:15
Summary
When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.490Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NLnetLabs/ldns/issues/51"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://cwe.mitre.org/data/definitions/126.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-07-10T20:17:31",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NLnetLabs/ldns/issues/51"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://cwe.mitre.org/data/definitions/126.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19861",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NLnetLabs/ldns/issues/51",
"refsource": "MISC",
"url": "https://github.com/NLnetLabs/ldns/issues/51"
},
{
"name": "https://cwe.mitre.org/data/definitions/126.html",
"refsource": "MISC",
"url": "https://cwe.mitre.org/data/definitions/126.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19861",
"datePublished": "2022-01-21T14:22:16",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.490Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2020-19860 (GCVE-0-2020-19860)
Vulnerability from nvd – Published: 2022-01-21 13:40 – Updated: 2024-08-04 14:15
Summary
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-04T14:15:28.652Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NLnetLabs/ldns/issues/50"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-01-21T13:40:44",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NLnetLabs/ldns/issues/50"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2020-19860",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://github.com/NLnetLabs/ldns/issues/50",
"refsource": "MISC",
"url": "https://github.com/NLnetLabs/ldns/issues/50"
},
{
"name": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3",
"refsource": "MISC",
"url": "https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2020-19860",
"datePublished": "2022-01-21T13:40:44",
"dateReserved": "2020-08-13T00:00:00",
"dateUpdated": "2024-08-04T14:15:28.652Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000231 (GCVE-0-2017-1000231)
Vulnerability from nvd – Published: 2017-11-17 04:00 – Updated: 2024-08-05 21:53
Summary
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:07.304Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1182-1] ldns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
},
{
"name": "openSUSE-SU-2020:0438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00",
"datePublic": "2017-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T05:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1182-1] ldns security update",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
},
{
"name": "openSUSE-SU-2020:0438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.460075",
"ID": "CVE-2017-1000231",
"REQUESTER": "stephan.zeisberg@splone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "[debian-lts-announce] 20171121 [SECURITY] [DLA 1182-1] ldns security update",
"refsource": "MLIST",
"url": "https://lists.debian.org/debian-lts-announce/2017/11/msg00028.html"
},
{
"name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256",
"refsource": "MISC",
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1256"
},
{
"name": "openSUSE-SU-2020:0438",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000231",
"datePublished": "2017-11-17T04:00:00",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-08-05T21:53:07.304Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2017-1000232 (GCVE-0-2017-1000232)
Vulnerability from nvd – Published: 2017-11-17 04:00 – Updated: 2024-08-05 21:53
Summary
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-05T21:53:07.429Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
},
{
"name": "openSUSE-SU-2020:0438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"dateAssigned": "2017-08-22T00:00:00",
"datePublic": "2017-11-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-04-01T05:06:04",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"tags": [
"x_refsource_MISC"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
},
{
"name": "openSUSE-SU-2020:0438",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"DATE_ASSIGNED": "2017-08-22T17:29:33.461002",
"ID": "CVE-2017-1000232",
"REQUESTER": "stephan.zeisberg@splone.com",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257",
"refsource": "MISC",
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=1257"
},
{
"name": "openSUSE-SU-2020:0438",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2017-1000232",
"datePublished": "2017-11-17T04:00:00",
"dateReserved": "2017-11-16T00:00:00",
"dateUpdated": "2024-08-05T21:53:07.429Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-3209 (GCVE-0-2014-3209)
Vulnerability from nvd – Published: 2014-11-16 01:00 – Updated: 2024-08-06 10:35
Summary
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T10:35:56.989Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "[oss-security] 20140503 ldns-keygen creates private key world readable",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/03/2"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573"
},
{
"name": "[oss-security] 20140504 Re: ldns-keygen creates private key world readable",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/05/4"
},
{
"name": "67200",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/67200"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2014-05-03T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2014-11-16T00:57:00",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "[oss-security] 20140503 ldns-keygen creates private key world readable",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/03/2"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=746758"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=573"
},
{
"name": "[oss-security] 20140504 Re: ldns-keygen creates private key world readable",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2014/05/05/4"
},
{
"name": "67200",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/67200"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2014-3209",
"datePublished": "2014-11-16T01:00:00",
"dateReserved": "2014-05-03T00:00:00",
"dateUpdated": "2024-08-06T10:35:56.989Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2011-3581 (GCVE-0-2011-3581)
Vulnerability from nvd – Published: 2011-11-04 21:00 – Updated: 2024-08-06 23:37
Summary
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T23:37:48.237Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "46476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46476"
},
{
"name": "49748",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/49748"
},
{
"name": "[oss-security] 20110930 Re: CVE request: heap-based buffer overflow in ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2011/q3/542"
},
{
"name": "46470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/46470"
},
{
"name": "[oss-security] 20110924 CVE request: heap-based buffer overflow in ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://seclists.org/oss-sec/2011/q3/503"
},
{
"name": "FEDORA-2011-13929",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403"
},
{
"name": "FEDORA-2011-13915",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html"
},
{
"name": "FEDORA-2011-13895",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA",
"x_transferred"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog"
},
{
"name": "openSUSE-SU-2011:1161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.html"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2011-08-24T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2016-12-06T18:57:01",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"name": "46476",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46476"
},
{
"name": "49748",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/49748"
},
{
"name": "[oss-security] 20110930 Re: CVE request: heap-based buffer overflow in ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2011/q3/542"
},
{
"name": "46470",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/46470"
},
{
"name": "[oss-security] 20110924 CVE request: heap-based buffer overflow in ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://seclists.org/oss-sec/2011/q3/503"
},
{
"name": "FEDORA-2011-13929",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403"
},
{
"name": "FEDORA-2011-13915",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html"
},
{
"name": "FEDORA-2011-13895",
"tags": [
"vendor-advisory",
"x_refsource_FEDORA"
],
"url": "http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog"
},
{
"name": "openSUSE-SU-2011:1161",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.html"
}
]
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2011-3581",
"datePublished": "2011-11-04T21:00:00",
"dateReserved": "2011-09-21T00:00:00",
"dateUpdated": "2024-08-06T23:37:48.237Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2009-1086 (GCVE-0-2009-1086)
Vulnerability from nvd – Published: 2009-03-25 18:00 – Updated: 2024-08-07 04:57
Summary
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-07T04:57:17.916Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "35013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35013"
},
{
"name": "[oss-security] 20090324 CVE id request: ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/24/4"
},
{
"name": "34233",
"tags": [
"vdb-entry",
"x_refsource_BID",
"x_transferred"
],
"url": "http://www.securityfocus.com/bid/34233"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA",
"x_transferred"
],
"url": "http://secunia.com/advisories/35065"
},
{
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE",
"x_transferred"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "DSA-1795",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN",
"x_transferred"
],
"url": "http://www.debian.org/security/2009/dsa-1795"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"datePublic": "2009-02-02T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2009-05-13T09:00:00",
"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"shortName": "mitre"
},
"references": [
{
"name": "35013",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35013"
},
{
"name": "[oss-security] 20090324 CVE id request: ldns",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://www.openwall.com/lists/oss-security/2009/03/24/4"
},
{
"name": "34233",
"tags": [
"vdb-entry",
"x_refsource_BID"
],
"url": "http://www.securityfocus.com/bid/34233"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog"
},
{
"name": "35065",
"tags": [
"third-party-advisory",
"x_refsource_SECUNIA"
],
"url": "http://secunia.com/advisories/35065"
},
{
"tags": [
"x_refsource_MISC"
],
"url": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232"
},
{
"name": "SUSE-SR:2009:010",
"tags": [
"vendor-advisory",
"x_refsource_SUSE"
],
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "DSA-1795",
"tags": [
"vendor-advisory",
"x_refsource_DEBIAN"
],
"url": "http://www.debian.org/security/2009/dsa-1795"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "cve@mitre.org",
"ID": "CVE-2009-1086",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "35013",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35013"
},
{
"name": "[oss-security] 20090324 CVE id request: ldns",
"refsource": "MLIST",
"url": "http://www.openwall.com/lists/oss-security/2009/03/24/4"
},
{
"name": "34233",
"refsource": "BID",
"url": "http://www.securityfocus.com/bid/34233"
},
{
"name": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog",
"refsource": "CONFIRM",
"url": "http://www.nlnetlabs.nl/svn/ldns/tags/release-1.5.0/Changelog"
},
{
"name": "35065",
"refsource": "SECUNIA",
"url": "http://secunia.com/advisories/35065"
},
{
"name": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232",
"refsource": "MISC",
"url": "http://www.nlnetlabs.nl/bugs/show_bug.cgi?id=232"
},
{
"name": "SUSE-SR:2009:010",
"refsource": "SUSE",
"url": "http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html"
},
{
"name": "DSA-1795",
"refsource": "DEBIAN",
"url": "http://www.debian.org/security/2009/dsa-1795"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca",
"assignerShortName": "mitre",
"cveId": "CVE-2009-1086",
"datePublished": "2009-03-25T18:00:00",
"dateReserved": "2009-03-25T00:00:00",
"dateUpdated": "2024-08-07T04:57:17.916Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}