Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 905267 (CVE-2023-31470) - <net-dns/smartdns-42: stack buffer overflow via crafted DNS request
Summary: <net-dns/smartdns-42: stack buffer overflow via crafted DNS request
Status: RESOLVED FIXED
Alias: CVE-2023-31470
Product: Gentoo Security
Classification: Unclassified
Component: Vulnerabilities (show other bugs)
Hardware: All Linux
: Normal trivial
Assignee: Gentoo Security
URL: https://github.com/pymumu/smartdns/is...
Whiteboard: ~3 [noglsa]
Keywords:
Depends on:
Blocks:
 
Reported: 2023-04-29 04:22 UTC by John Helmert III
Modified: 2024-02-10 06:00 UTC (History)
2 users (show)

See Also:
Package list:
Runtime testing required: ---


Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description John Helmert III archtester Gentoo Infrastructure gentoo-dev Security 2023-04-29 04:22:53 UTC
CVE-2023-31470:

SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request.

Patch (seems unreleased): https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04