VDB
CVE-2017-9108
CVE-2017-9108
PUBLISHED
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.
EPSS 0.56% · 68.8th percentile
Risk Scores
EPSS Score
0.56%
68.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | adns | 0, 1.5.0~rc1-1ubuntu1 |
| Ubuntu:20.04:LTS | adns | 0, 1.5.1-0.1 |
| Ubuntu:18.04:LTS | adns | 1.5.0~rc1-1ubuntu1, 1.5.0~rc1-1.1ubuntu1, 0 |
Exploit Intelligence
- http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git (circl)
- https://www.chiark.greenend.org.uk/pipermail/adns-announce/2020/000004.html (circl)
- http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git%3Ba=blob%3Bf=changelog (circl)
- FEDORA-2020-530188bf36 (circl)
- FEDORA-2020-e59bcaf702 (circl)
Timeline
- Jun 17, 2020 CVE Published
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Oct 26, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Nov 6, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2017-9108 third-party-advisory
- http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=adns.git;a=commit;h=72c6bfd77dfdb34457a792874fd1c3030fca90ac third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2017-9108 third-party-advisory