Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!

Bug 905267 (CVE-2023-31470)

Summary: <net-dns/smartdns-42: stack buffer overflow via crafted DNS request
Product: Gentoo Security Reporter: John Helmert III <ajak>
Component: VulnerabilitiesAssignee: Gentoo Security <security>
Status: RESOLVED FIXED    
Severity: trivial CC: ajak, dlan
Priority: Normal    
Version: unspecified   
Hardware: All   
OS: Linux   
URL: https://github.com/pymumu/smartdns/issues/1378
Whiteboard: ~3 [noglsa]
Package list:
Runtime testing required: ---

Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-29 04:22:53 UTC 
CVE-2023-31470:

SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request.

Patch (seems unreleased): https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04