Bug 831738

Summary:	net-libs/ldns: heap overread vulnerability via zone file
Product:	Gentoo Security	Reporter:	John Helmert III <ajak>
Component:	Vulnerabilities	Assignee:	Gentoo Security <security>
Status:	RESOLVED DUPLICATE
Severity:	minor	CC:	mschiff
Priority:	Normal
Version:	unspecified
Hardware:	All
OS:	Linux
URL:	https://github.com/NLnetLabs/ldns/issues/50
Whiteboard:	B4 [ebuild]
Package list:		Runtime testing required:	---

Description John Helmert III archtester

2022-01-21 15:22:53 UTC

CVE-2020-19860:

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.

Patch: https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3

Comment 1 John Helmert III archtester

2022-01-21 19:07:43 UTC

*** This bug has been marked as a duplicate of bug 827828 ***