Products
emdns
- before be565c3
Source
cve@mitre.org
Tags
CVE-2023-50434 details
Published : April 29, 2024, 10:15 p.m.
Last Modified : April 29, 2024, 10:15 p.m.
Last Modified : April 29, 2024, 10:15 p.m.
Description
emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected.
CVSS Score
1 | 2 | 3 | 4 | 5 | 6 | 7 | 8 | 9 | 10 |
---|
Weakness
Weakness | Name | Description |
---|
References
URL | Source |
---|---|
https://papers.mathyvanhoef.com/esorics2024.pdf | cve@mitre.org |
This website uses the NVD API, but is not approved or certified by it.