oss-sec mailing list archives

Re: CVE request: heap-based buffer overflow in ldns

From: Josh Bressers <bressers () redhat com>
Date: Fri, 30 Sep 2011 10:36:04 -0400 (EDT)

Please use CVE-2011-3581 for this.

Thanks.

-- 
    JB

----- Original Message -----

Could a CVE be assigned to this flaw?  A boundary error in
ldns_rr_new_frm_str_internal() could lead to a heap-based buffer
overfow
when processing RR records.

http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403
https://secunia.com/advisories/46153/
https://bugzilla.redhat.com/show_bug.cgi?id=741024

Thanks.

--
Vincent Danen / Red Hat Security Response Team

Current thread:

CVE request: heap-based buffer overflow in ldns Vincent Danen (Sep 24)
- Re: CVE request: heap-based buffer overflow in ldns Josh Bressers (Sep 30)