emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected.
Metrics
Affected Vendors & Products
References
Link | Providers |
---|---|
https://papers.mathyvanhoef.com/esorics2024.pdf |
History
No history.
MITRE
Status: PUBLISHED
Assigner: mitre
Published: 2024-04-29T00:00:00
Updated: 2024-08-02T22:16:46.661Z
Reserved: 2023-12-09T00:00:00
Link: CVE-2023-50434
Vulnrichment
Updated: 2024-08-02T22:16:46.661Z
NVD
Status : Awaiting Analysis
Published: 2024-04-29T22:15:06.883
Modified: 2024-08-01T13:45:24.853
Link: CVE-2023-50434
Redhat
No data.