Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 827828 (CVE-2020-19860, CVE-2020-19861) - <net-libs/ldns-1.8.0: Multiple vulnerabilities
Summary: <net-libs/ldns-1.8.0: Multiple vulnerabilities
Status: IN_PROGRESS
Alias: CVE-2020-19860, CVE-2020-19861
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal minor (vote)
Assignee: Gentoo Security
URL:
Whiteboard: B3 [glsa? cleanup]
Keywords:
: 831738 (view as bug list)
Depends on: 827968
Blocks:
  Show dependency tree
 
Reported: 2021-11-29 07:53 UTC by Sam James
Modified: 2022-01-21 19:08 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-11-29 07:53:14 UTC 
From the 1.8.0 changelog [0]:
	* bugfix #50: heap Out-of-bound Read vulnerability in
	  rr_frm_str_internal reported by pokerfacett.
	* bugfix #51: Heap Out-of-bound Read vulnerability in
	  ldns_nsec3_salt_data reported by pokerfacett.
	* Detect fixed time memory compare for openssl 0.9.8.

[0] https://github.com/NLnetLabs/ldns/blob/d3955248eb409b6af0cc6f33e3d458e7f1f555cf/Changelog
Comment 1 Sam James archtester Gentoo Infrastructure gentoo-dev Security 2021-12-01 11:22:51 UTC 
Please stable when ready (make a new bug & make it block this one), thanks!
Comment 2 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2021-12-06 02:58:42 UTC 
Please cleanup
Comment 3 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-21 19:07:43 UTC 
*** Bug 831738 has been marked as a duplicate of this bug. ***
Comment 4 John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2022-01-21 19:08:32 UTC 
CVE-2020-19861 (https://github.com/NLnetLabs/ldns/issues/51):

When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage.

CVE-2020-19860 (https://github.com/NLnetLabs/ldns/issues/50):

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.

Both fixed in 1.8.0.