CVE-2020-19860
Published: 21 January 2022
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.
Priority
CVSS 3 base score: 6.5
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-19860
- https://github.com/NLnetLabs/ldns/issues/50
- https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3
- https://github.com/NLnetLabs/ldns/commit/4e9861576a600a5ecfa16ec2de853c90dd9ce276
- https://ubuntu.com/security/notices/USN-5257-1
- NVD
- Launchpad
- Debian