UBUNTU-CVE-2017-9107

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-9107

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-9107.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-9107

Related

CVE-2017-9107

Published

2020-06-18T14:15:00Z

Modified

2024-10-15T14:06:20Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in adns before 1.5.2. It overruns reading a buffer if a domain ends with backslash. If the query domain ended with \, and adnsqfquoteok_query was specified, qdparselabel would read additional bytes from the buffer and try to treat them as the escape sequence. It would depart the input buffer and start processing many bytes of arbitrary heap data as if it were the query domain. Eventually it would run out of input or find some other kind of error, and declare the query domain invalid. But before then it might outrun available memory and crash. In principle this could be a denial of service attack.

References

Affected packages

Ubuntu:Pro:16.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.0~rc1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.0~rc1-1ubuntu1

1.5.0~rc1-1.1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.1-0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.0-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.6.0-2",
            "binary_name": "adns-tools"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1-dbg"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1-dev"
        }
    ]
}

Ubuntu:24.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.0-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.6.0-2",
            "binary_name": "adns-tools"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1-dbg"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1-dev"
        }
    ]
}