Critical severity9.8NVD Advisory· Published Apr 29, 2024· Updated Apr 15, 2026

CVE-2023-50434

Description

emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

papers.mathyvanhoef.com/esorics2024.pdfnvd

News mentions

No linked articles in our index yet.

cvss	0.637
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000