Vulnerabilities > Nlnetlabs > Ldns

DATE CVE VULNERABILITY TITLE RISK
2022-01-21 CVE-2020-19861 Out-of-bounds Read vulnerability in Nlnetlabs Ldns 1.7.1
When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file.
network
low complexity
nlnetlabs CWE-125
7.5
2022-01-21 CVE-2020-19860 Out-of-bounds Read vulnerability in Nlnetlabs Ldns 1.7.1
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability.
network
nlnetlabs CWE-125
4.3
2017-11-17 CVE-2017-1000232 Double Free vulnerability in Nlnetlabs Ldns 1.7.0
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
network
low complexity
nlnetlabs CWE-415
7.5
2017-11-17 CVE-2017-1000231 Double Free vulnerability in Nlnetlabs Ldns 1.7.0
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
network
low complexity
nlnetlabs CWE-415
7.5
2014-11-16 CVE-2014-3209 Permissions, Privileges, and Access Controls vulnerability in Nlnetlabs Ldns
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
local
low complexity
nlnetlabs CWE-264
2.1
2011-11-04 CVE-2011-3581 Improper Restriction of Operations Within the Bounds of A Memory Buffer vulnerability in Nlnetlabs Ldns
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.
network
nlnetlabs CWE-119
6.8
2009-03-25 CVE-2009-1086 Resource Management Errors vulnerability in Nlnetlabs Ldns 1.4.0/1.4.1
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.
network
low complexity
nlnetlabs CWE-399
6.4