Back

CVE-2023-50434

April 29, 2024, 10:15 p.m.

Received
CVE has been recently published to the CVE List and has been received by the NVD.

Products

emdns

  • before be565c3

Source

cve@mitre.org

Tags

CVE-2023-50434 details

Published : April 29, 2024, 10:15 p.m.
Last Modified : April 29, 2024, 10:15 p.m.

Description

emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected.

CVSS Score

1 2 3 4 5 6 7 8 9 10

Weakness

Weakness Name Description

References

URL Source
https://papers.mathyvanhoef.com/esorics2024.pdf cve@mitre.org
This website uses the NVD API, but is not approved or certified by it.