Jump to:

CVE-2017-9430

Jump to:

CVE-2017-9430

Package dnstracer updated to version 1.9-alt2 for branch sisyphus in task 263583.

Published: 2017-06-05
Modified: 2024-11-21

CVE-2017-9430

Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.

Severity: CRITICAL (9.8) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

References:

https://cxsecurity.com/issue/WLB-2017060030
https://cxsecurity.com/issue/WLB-2017060030
https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html
https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html
42115
42115
42424
42424

Version: 2.1.0

Package dnstracer update in sisyphus on 2020-12-17

ALT-PU-2020-3523-1

Closed vulnerabilities

CVE-2017-9430