CVE-2020-19861
Summary
| CVE | CVE-2020-19861 |
|---|---|
| State | PUBLIC |
| Assigner | [email protected] |
| Source Priority | CVE Program / NVD first with legacy fallback |
| Published | 2022-01-21 15:15:00 UTC |
| Updated | 2022-10-05 17:08:00 UTC |
| Description | When ldns 1.7.1 parses a zone file, the function ldns_nsec3_salt_data places too much trust in the length value obtained from the zone file. The subsequent memcpy can then copy 0xfe - ldns_rdf_size(salt_rdf) bytes of data, causing a heap overflow with information leakage. |
Risk And Classification
Problem Types: CWE-125
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|---|---|---|
| CWE - CWE-126: Buffer Over-read (4.3) | MISC | cwe.mitre.org | |
| Heap Out-of-bound Read vulnerability · Issue #51 · NLnetLabs/ldns · GitHub | MISC | github.com | |
| CVE Program record | CVE.ORG | www.cve.org | canonical |
| NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis |
No vendor comments have been submitted for this CVE.
Legacy QID Mappings
- 179054 Debian Security Update for ldns (DLA 2910-1)
- 198649 Ubuntu Security Notification for ldns Vulnerabilities (USN-5257-1)
- 671564 EulerOS Security Update for ldns (EulerOS-SA-2022-1572)
- 671580 EulerOS Security Update for ldns (EulerOS-SA-2022-1538)
- 671685 EulerOS Security Update for ldns (EulerOS-SA-2022-1737)
- 751778 OpenSUSE Security Update for ldns (openSUSE-SU-2022:0675-1)
- 751992 SUSE Enterprise Linux Security Update for ldns (SUSE-SU-2022:0675-1)