CVE-2017-9103

Priority
Description
An issue was discovered in adns before 1.5.2. pap_mailbox822 does not
properly check the status (st) returned by adns__findlabel_next. Without
this check, an uninitialised stack value can be used as the first label
length. Depending on the circumstances, an attacker might be able to trick
adns into crashing the calling program, leaking aspects of the contents of
some of its memory, causing it to allocate lots of memory, or perhaps
overrunning a buffer. This is only possible with applications which make
non-raw queries for SOA or RP records.
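
The bug class described above, as an added sketch that is not adns source code: a label walker that reports errors only through its return status and leaves its output parameters unwritten, and a caller that checks the status before using the label length. The names next_label, first_label, label_cursor and status_t, and the sample byte strings, are hypothetical stand-ins constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical stand-ins for illustration; not adns's types or functions. */
typedef enum { ST_OK = 0, ST_TRUNCATED, ST_INVALID } status_t;
typedef struct { const unsigned char *pkt; size_t len, pos; } label_cursor;

/* Returns the next label's length and start offset. On any error it returns
 * early and leaves *lablen_r / *labstart_r unwritten, so a caller that
 * ignores the status reads its own uninitialised locals. */
static status_t next_label(label_cursor *c, int *lablen_r, int *labstart_r) {
    if (c->pos >= c->len) return ST_TRUNCATED;
    unsigned lablen = c->pkt[c->pos];
    if (lablen > 63) return ST_INVALID;   /* compression pointers not modelled */
    if (c->pos + 1 + lablen > c->len) return ST_TRUNCATED;
    *lablen_r = (int)lablen;
    *labstart_r = (int)(c->pos + 1);
    c->pos += 1 + lablen;
    return ST_OK;
}

/* Copies the first label (the mailbox local part) into out. */
static status_t first_label(const unsigned char *pkt, size_t len,
                            char *out, size_t outsz) {
    label_cursor c = { pkt, len, 0 };
    int lablen, labstart;                 /* no initialiser, as in the bug class */
    status_t st = next_label(&c, &lablen, &labstart);
    if (st != ST_OK) return st;           /* omit this and lablen is stack garbage */
    if ((size_t)lablen >= outsz) return ST_INVALID;  /* bound the copy as well */
    memcpy(out, pkt + labstart, (size_t)lablen);
    out[lablen] = '\0';
    return ST_OK;
}

/* Constructed sample inputs. */
static const unsigned char good_name[] = { 4, 'r', 'o', 'o', 't', 0 };
static const unsigned char cut_name[]  = { 9, 'r', 'o' };  /* claims 9, has 2 */

int main(void) {
    char buf[64];
    printf("good: %d\n", first_label(good_name, sizeof good_name, buf, sizeof buf));
    printf("cut:  %d\n", first_label(cut_name, sizeof cut_name, buf, sizeof buf));
    return 0;
}
```

When auditing similar parsers, look for out-parameters declared without an initialiser and read before the callee's status is tested.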
Notes
Package
Source: adns (LP Ubuntu Debian)
Upstream: needs-triage
Ubuntu 12.04 ESM (Precise Pangolin): DNE
Ubuntu 14.04 ESM (Trusty Tahr): DNE
Ubuntu 16.04 LTS (Xenial Xerus): needed
Ubuntu 18.04 LTS (Bionic Beaver): needed
Ubuntu 20.04 LTS (Focal Fossa): needed
Ubuntu 20.10 (Groovy Gorilla): not-affected (1.6.0-2)
More Information

Updated: 2020-09-09 21:39:32 UTC (commit b67d7d8b03f173f825cd706df5bd078bca500b0e)