Search CVE reports


Toggle filters

1 – 7 of 7 results


CVE-2020-19861

Medium priority

Some fixes available 4 of 6

When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied,...

1 affected package

ldns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldns Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2020-19860

Medium priority

Some fixes available 4 of 6

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.

1 affected package

ldns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldns Not affected Fixed Fixed Fixed Fixed
Show less packages

CVE-2017-1000232

Medium priority
Fixed

A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.

1 affected package

ldns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldns Fixed
Show less packages

CVE-2017-1000231

Medium priority
Fixed

A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.

1 affected package

ldns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldns Fixed
Show less packages

CVE-2014-3209

Low priority

Some fixes available 1 of 9

The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.

1 affected package

ldns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldns Not affected
Show less packages

CVE-2011-3581

Medium priority
Ignored

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an...

1 affected package

ldns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldns
Show less packages

CVE-2009-1086

Medium priority

Some fixes available 1 of 3

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with...

1 affected package

ldns

Package 24.04 LTS 22.04 LTS 20.04 LTS 18.04 LTS 16.04 LTS
ldns
Show less packages