Candidate: CVE-2017-9109
PublicDate: 2020-06-18 14:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9109
 http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=fcf2b4e1faf22accb6184cca595aaee602839868
Description:
 An issue was discovered in adns before 1.5.2. It fails to ignore apparent
 answers before the first RR that was found the first time. when this is
 fixed, the second answer scan finds the same RRs at the first. Otherwise,
 adns can be confused by interleaving answers for the CNAME target, with the
 CNAME itself. In that case the answer data structure (on the heap) can be
 overrun. With this fixed, it prefers to look only at the answer RRs which
 come after the CNAME, which is at least arguably correct.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H [9.8 CRITICAL]


Patches_adns:
upstream_adns: needs-triage
precise/esm_adns: DNE
trusty_adns: ignored (out of standard support)
trusty/esm_adns: DNE
xenial_adns: ignored (end of standard support, was needed)
bionic_adns: needed
eoan_adns: ignored (reached end-of-life)
focal_adns: needed
groovy_adns: not-affected (1.6.0-2)
hirsute_adns: not-affected (1.6.0-2)
impish_adns: not-affected (1.6.0-2)
jammy_adns: not-affected (1.6.0-2)
devel_adns: not-affected (1.6.0-2)