New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Heap Out-of-bound Read vulnerability #51
Comments
ldns_nsec3_salt_data reported by pokerfacett.
|
Thanks! I applied your suggestion (with a cast to size_t to make the 255 case and also compiler signedness warnings work). |
hi ,could you report this in security advisory and help to request a CVE for us:https://help.github.com/cn/github/managing-security-vulnerabilities/publishing-a-security-advisory |
|
Hi @pokerfacett , we don't think a CVE is necessary, but we will work to a release with the issue fixed on a short term. |
|
CVE-2020-19861 was assigned for this issue |
Description:
When the zone file is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap information leakage.

Vulnerability location:
fuzz log:
INFO-w100wcrash.docx
fuzz payload:
w100wcrash-8f078e69e2781bbc4811a12d51df1c8674672306.txt
Repaire Suggestion:
The text was updated successfully, but these errors were encountered: