CVE-2026-10846
- EPSS 0.15%
- Veröffentlicht 10.06.2026 06:37:59
- Zuletzt bearbeitet 10.06.2026 20:13:47
NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither th...
CVE-2020-19861
- EPSS 1.49%
- Veröffentlicht 21.01.2022 15:15:07
- Zuletzt bearbeitet 21.11.2024 05:09:26
When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow ...
CVE-2020-19860
- EPSS 1.31%
- Veröffentlicht 21.01.2022 14:15:07
- Zuletzt bearbeitet 21.11.2024 05:09:26
When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.
CVE-2017-1000231
- EPSS 2.65%
- Veröffentlicht 17.11.2017 04:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
A double-free vulnerability in parse.c in ldns 1.7.0 have unspecified impact and attack vectors.
CVE-2017-1000232
- EPSS 2.3%
- Veröffentlicht 17.11.2017 04:29:00
- Zuletzt bearbeitet 13.05.2026 00:24:29
A double-free vulnerability in str2host.c in ldns 1.7.0 have unspecified impact and attack vectors.
CVE-2014-3209
- EPSS 0.38%
- Veröffentlicht 16.11.2014 01:59:03
- Zuletzt bearbeitet 06.05.2026 22:30:45
The ldns-keygen tool in ldns 1.6.x uses the current umask to set the privileges of the private key, which might allow local users to obtain the private key by reading the file.
CVE-2011-3581
- EPSS 4.11%
- Veröffentlicht 04.11.2011 21:55:06
- Zuletzt bearbeitet 16.06.2026 23:33:32
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing ...
CVE-2009-1086
- EPSS 3.47%
- Veröffentlicht 25.03.2009 18:30:00
- Zuletzt bearbeitet 16.06.2026 23:06:28
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class fi...