Unrated severityNVD Advisory· Published Jan 21, 2022· Updated Aug 4, 2024
CVE-2020-19860
CVE-2020-19860
Description
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- ldns/ldnsdescription
- osv-coords5 versionspkg:rpm/opensuse/ldns&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ldns&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ldns&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/ldns&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/ldns&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2
< 1.7.0-4.6.1+ 4 more
- (no CPE)range: < 1.7.0-4.6.1
- (no CPE)range: < 1.8.1-1.1
- (no CPE)range: < 1.7.0-4.6.1
- (no CPE)range: < 1.7.0-4.6.1
- (no CPE)range: < 1.7.0-4.6.1
Patches
Vulnerability mechanics
References
2- github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3mitrex_refsource_MISC
- github.com/NLnetLabs/ldns/issues/50mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.