Vulnerabilities > CVE-2019-13952 - Out-of-bounds Write vulnerability in Gdnsd

CVSS 9.8 - CRITICAL

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

HIGH

Integrity impact

HIGH

Availability impact

HIGH

network

low complexity

gdnsd

CWE-787

critical

NVD

Published: 2019-07-18

Updated: 2024-11-21

Summary

The set_ipv6() function in zscan_rfc1035.rl in gdnsd before 2.4.3 and 3.x before 3.2.1 has a stack-based buffer overflow via a long and malformed IPv6 address in zone data.

Vulnerable Configurations

Part	Description	Count
Application	Gdnsd Gdnsd Gdnsd 1.6.0 Gdnsd Gdnsd 1.6.1 Gdnsd Gdnsd 1.6.2 Gdnsd Gdnsd 1.6.3 Gdnsd Gdnsd 1.6.4 Gdnsd Gdnsd 1.6.5 Gdnsd Gdnsd 1.6.6 Gdnsd Gdnsd 1.6.7 Gdnsd Gdnsd 1.6.8 Gdnsd Gdnsd 1.6.9 Gdnsd Gdnsd 1.7.1 Gdnsd Gdnsd 1.7.2 Gdnsd Gdnsd 1.7.3 Gdnsd Gdnsd 1.7.4 Gdnsd Gdnsd 1.7.5 Gdnsd Gdnsd 1.7.6 Gdnsd Gdnsd 1.7.7 Gdnsd Gdnsd 1.7.8 Gdnsd Gdnsd 1.8.0 Gdnsd Gdnsd 1.8.1 Gdnsd Gdnsd 1.8.2 Gdnsd Gdnsd 1.8.3 Gdnsd Gdnsd 1.9.0 Gdnsd Gdnsd 1.10.0 Gdnsd Gdnsd 1.10.1 Gdnsd Gdnsd 1.11.0 Gdnsd Gdnsd 1.11.1 Gdnsd Gdnsd 1.11.2 Gdnsd Gdnsd 1.11.3 Gdnsd Gdnsd 1.11.4 Gdnsd Gdnsd 1.11.5 Gdnsd Gdnsd 2.0.0 Gdnsd Gdnsd 2.1.0 Gdnsd Gdnsd 2.1.1 Gdnsd Gdnsd 2.1.2 Gdnsd Gdnsd 2.1.3 Gdnsd Gdnsd 2.2.0 Gdnsd Gdnsd 2.2.1 Gdnsd Gdnsd 2.2.2 Gdnsd Gdnsd 2.2.3 Gdnsd Gdnsd 2.2.4 Gdnsd Gdnsd 2.2.5 Gdnsd Gdnsd 2.3.0 Gdnsd Gdnsd 2.3.1 Gdnsd Gdnsd 2.4.0 Gdnsd Gdnsd 2.4.1 Gdnsd Gdnsd 2.4.2 Gdnsd Gdnsd 3.0.0 Gdnsd Gdnsd 3.0.1 Gdnsd Gdnsd 3.1.0 Gdnsd Gdnsd 3.2.0	51

Common Weakness Enumeration (CWE)

CWE-787 - Out-of-bounds Write

Summary

Vulnerable Configurations

Common Weakness Enumeration (CWE)

References