CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19861
https://notcve.org/view.php?id=CVE-2020-19861
21 Jan 2022 — When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage. Cuando es analizado un archivo de zona en ldns versión 1.7.1, la función ldns_nsec3_salt_data es demasiado confiable para el valor de longitud obtenido del archivo de zona. Cuando es copiado el memcpy, los datos de bytes 0xfe - ldns_rdf_size... • https://cwe.mitre.org/data/definitions/126.html • CWE-125: Out-of-bounds Read •
CVSS: 6.5EPSS: 0%CPEs: 1EXPL: 1CVE-2020-19860 – Ubuntu Security Notice USN-5257-1
https://notcve.org/view.php?id=CVE-2020-19860
21 Jan 2022 — When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload. Cuando ldns versión 1.7.1, verifica un archivo de zona, la función ldns_rr_new_frm_str_internal presenta una vulnerabilidad de lectura fuera de límites de la pila. Un atacante puede filtrar información en la pila al construir una carga útil de archivo de zona It was discovered that ldns incorrect... • https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3 • CWE-125: Out-of-bounds Read •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2017-1000231 – Ubuntu Security Notice USN-3491-1
https://notcve.org/view.php?id=CVE-2017-1000231
17 Nov 2017 — A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors. Una vulnerabilidad de doble liberación (double free) en parse.c en ldns 1.7.0 provoca un impacto y origina vectores de ataque no especificados. Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html • CWE-415: Double Free •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 1CVE-2017-1000232 – Ubuntu Security Notice USN-3491-1
https://notcve.org/view.php?id=CVE-2017-1000232
17 Nov 2017 — A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors. Una vulnerabilidad de doble liberación (double free) en str2host.c en ldns 1.7.0 provoca un impacto y origina vectores de ataque no especificados. Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could possibly use this issue to obtain generated private keys. This issue only applied to Ubuntu 14.04 LTS. • http://lists.opensuse.org/opensuse-security-announce/2020-04/msg00000.html • CWE-415: Double Free •
CVSS: 5.5EPSS: 0%CPEs: 12EXPL: 0CVE-2014-3209 – Mandriva Linux Security Advisory 2014-085
https://notcve.org/view.php?id=CVE-2014-3209
12 May 2014 — The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file. La herramienta Idns-keygen en Idns 1.6.x utiliza la umask actual para configurar los privilegios de la clave privada, lo que podría permitir a usuarios locales obtener la clave privada mediante la lectura del archivo. Leon Weber discovered that the ldns-keygen tool incorrectly set permissions on private keys. A local attacker could p... • http://www.openwall.com/lists/oss-security/2014/05/03/2 • CWE-264: Permissions, Privileges, and Access Controls •
CVSS: 9.8EPSS: 4%CPEs: 26EXPL: 0CVE-2011-3581 – Gentoo Linux Security Advisory 201401-25
https://notcve.org/view.php?id=CVE-2011-3581
04 Nov 2011 — Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length. Desboramiento de buffer basado en memoria dinámica en la función ldns_rr_new_frm_str_internal en ldns antes de v1.6.11, permite a atacantes remotos provocar una denegación de servicio (caída) y posiblemente ejecutar ... • http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html • CWE-119: Improper Restriction of Operations within the Bounds of a Memory Buffer •
CVSS: 9.8EPSS: 3%CPEs: 2EXPL: 0CVE-2009-1086
https://notcve.org/view.php?id=CVE-2009-1086
25 Mar 2009 — Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field. Desbordamiento de búfer basado en montículo en la función ldns_rr_new_frm_str_internal en ldns v1.4.x, permite a atacantes remotos provocar una denegación de servicio (corrupción de memoria) y posiblemente la ejecu... • http://lists.opensuse.org/opensuse-security-announce/2009-05/msg00000.html • CWE-399: Resource Management Errors •