Unrated severityNVD Advisory· Published Jan 21, 2022· Updated Aug 4, 2024
CVE-2020-19861
CVE-2020-19861
Description
When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
7- ldns/ldnsdescription
- osv-coords5 versionspkg:rpm/opensuse/ldns&distro=openSUSE%20Leap%2015.3pkg:rpm/opensuse/ldns&distro=openSUSE%20Tumbleweedpkg:rpm/suse/ldns&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Basesystem%2015%20SP3pkg:rpm/suse/ldns&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Development%20Tools%2015%20SP3pkg:rpm/suse/ldns&distro=SUSE%20Linux%20Enterprise%20Real%20Time%2015%20SP2
< 1.7.0-4.6.1+ 4 more
- (no CPE)range: < 1.7.0-4.6.1
- (no CPE)range: < 1.8.1-1.1
- (no CPE)range: < 1.7.0-4.6.1
- (no CPE)range: < 1.7.0-4.6.1
- (no CPE)range: < 1.7.0-4.6.1
Patches
Vulnerability mechanics
References
2- cwe.mitre.org/data/definitions/126.htmlmitrex_refsource_MISC
- github.com/NLnetLabs/ldns/issues/51mitrex_refsource_MISC
News mentions
0No linked articles in our index yet.