CVE-2020-17467

See a problem?
Source
https://nvd.nist.gov/vuln/detail/CVE-2020-17467
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-17467.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2020-17467
Published
2020-12-11T23:15:13Z
Modified
2024-09-03T03:18:57.830159Z
Severity
  • 9.1 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:H CVSS Calculator
Summary
[none]
Details

An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information Disclosure in fnetllmnrpoll in fnetllmnr.c during a response to a malicious request of the DNS class IN.

References

Affected packages

Git / github.com/butok/fnet

Affected ranges

Type
GIT
Repo
https://github.com/butok/fnet
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Last affected

Affected versions

3.*

3.1.1
3.6.0

FNET_3.*

FNET_3.3.0

v3.*

v3.0.0
v3.2.0
v3.4.0
v3.5.0
v3.6.1
v3.7.0
v3.8.0
v3.8.1
v3.8.2
v3.9.0
v3.9.1
v3.9.2
v3.9.3
v3.9.3pre
v3.9.3prev
v3.9.3updated
v3.9.4

v4.*

v4.0.0
v4.0.1
v4.0.2
v4.1.0
v4.1.1
v4.2.0
v4.3.0
v4.4.0
v4.4.1
v4.5.0
v4.5.1
v4.5.2
v4.5.3
v4.6.0
v4.6.1
v4.6.2
v4.6.3
v4.6.4