Impact
The glibc functions ns_printrrf, ns_printrr and fp_nquery do not validate the RDATA length against the actual data in a DNS response for A6, CERT, LOC, TKEY or TSIG records. An attacker who can control such a response could trigger a buffer overread that causes the application to read uninitialized memory or crash. This corresponds to CWE-126 (Uninitialized Memory Read) and CWE-1284 (Buffer Over-read) and may lead to denial of service or inadvertent disclosure of memory contents.
Affected Systems
Affected vendor: GNU C Library (glibc). All versions between 2.0.1 and 2.43 contain the vulnerable debug functions. They were deprecated in 2.34 and remain in the code base for backward compatibility. Any application that invokes ns_printrrf, ns_printrr or fp_nquery—typically only for diagnostic purposes—may be impacted; standard DNS resolvers that do not call these functions are effectively immune.
Risk and Exploitability
The CVSS score of 6.5 indicates a moderate impact. The EPSS score of less than 1% shows a low likelihood of exploitation, and the vulnerability is not listed in CISA's KEV catalog. The attack path requires an adversary to influence a DNS response destined for an application that has called one of the deprecated debug functions. Because these functions are rarely used outside of debugging and are not part of the main DNS resolver path, the practical exploitation window is narrow. If an application does not call them, the risk is effectively zero. When invoked, the buffer overread can cause a crash or unintended disclosure of memory contents.
OpenCVE Enrichment