Candidate: CVE-2017-9108
PublicDate: 2020-06-18 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9108
 http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=72c6bfd77dfdb34457a792874fd1c3030fca90ac
Description:
 An issue was discovered in adns before 1.5.2. adnshost mishandles a missing
 final newline on a stdin read. It is wrong to increment used as well as
 setting r, since used is incremented according to r, later. Rather one
 should be doing what read() would have done. Without this fix, adnshost may
 read and process one byte beyond the buffer, perhaps crashing or perhaps
 somehow leaking the value of that byte.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_adns:
upstream_adns: needs-triage
precise/esm_adns: DNE
trusty_adns: ignored (out of standard support)
trusty/esm_adns: DNE
xenial_adns: ignored (end of standard support, was needed)
bionic_adns: needed
eoan_adns: ignored (reached end-of-life)
focal_adns: needed
groovy_adns: not-affected (1.6.0-2)
hirsute_adns: not-affected (1.6.0-2)
impish_adns: not-affected (1.6.0-2)
jammy_adns: not-affected (1.6.0-2)
devel_adns: not-affected (1.6.0-2)