Bug 827828 (CVE-2020-19860, CVE-2020-19861)

Summary:	<net-libs/ldns-1.8.0: Multiple vulnerabilities
Product:	Gentoo Security	Reporter:	Sam James <sam>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	IN_PROGRESS ---
Severity:	minor	CC:	ajak, mschiff
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
Whiteboard:	B3 [glsa? cleanup]
Package list:		Runtime testing required:	---
Bug Depends on:	827968
Bug Blocks:

Description Sam James archtester

2021-11-29 07:53:14 UTC

From the 1.8.0 changelog [0]:
	* bugfix #50: heap Out-of-bound Read vulnerability in
	  rr_frm_str_internal reported by pokerfacett.
	* bugfix #51: Heap Out-of-bound Read vulnerability in
	  ldns_nsec3_salt_data reported by pokerfacett.
	* Detect fixed time memory compare for openssl 0.9.8.

[0] https://github.com/NLnetLabs/ldns/blob/d3955248eb409b6af0cc6f33e3d458e7f1f555cf/Changelog

Comment 1 Sam James archtester

2021-12-01 11:22:51 UTC

Please stable when ready (make a new bug & make it block this one), thanks!

Comment 2 John Helmert III archtester

2021-12-06 02:58:42 UTC

Please cleanup

Comment 3 John Helmert III archtester

2022-01-21 19:07:43 UTC

*** Bug 831738 has been marked as a duplicate of this bug. ***

Comment 4 John Helmert III archtester

2022-01-21 19:08:32 UTC

CVE-2020-19861 (https://github.com/NLnetLabs/ldns/issues/51):

When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage.

CVE-2020-19860 (https://github.com/NLnetLabs/ldns/issues/50):

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.

Both fixed in 1.8.0.