UBUNTU-CVE-2017-9109

See a problem?
Please try reporting it to the source first.

Source

https://ubuntu.com/security/CVE-2017-9109

Import Source

https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2017/UBUNTU-CVE-2017-9109.json

JSON Data

https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2017-9109

Related

CVE-2017-9109

Published

2020-06-18T14:15:00Z

Modified

2024-10-15T14:06:20Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An issue was discovered in adns before 1.5.2. It fails to ignore apparent answers before the first RR that was found the first time. when this is fixed, the second answer scan finds the same RRs at the first. Otherwise, adns can be confused by interleaving answers for the CNAME target, with the CNAME itself. In that case the answer data structure (on the heap) can be overrun. With this fixed, it prefers to look only at the answer RRs which come after the CNAME, which is at least arguably correct.

References

Affected packages

Ubuntu:Pro:16.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=esm-apps/xenial

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.0~rc1-1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:Pro:18.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=esm-apps/bionic

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.0~rc1-1ubuntu1

1.5.0~rc1-1.1ubuntu1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:20.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=focal

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

1.*

1.5.1-0.1

Ecosystem specific

{
    "ubuntu_priority": "medium"
}

Ubuntu:22.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=jammy

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.0-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.6.0-2",
            "binary_name": "adns-tools"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1-dbg"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1-dev"
        }
    ]
}

Ubuntu:24.04:LTS / adns

Package

Name: adns
Purl: pkg:deb/ubuntu/adns?arch=src?distro=noble

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.6.0-2

Ecosystem specific

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "1.6.0-2",
            "binary_name": "adns-tools"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1-dbg"
        },
        {
            "binary_version": "1.6.0-2",
            "binary_name": "libadns1-dev"
        }
    ]
}