DEBIAN-CVE-2009-1086

See a problem?
Please try reporting it to the source first.

Source

https://security-tracker.debian.org/tracker/CVE-2009-1086

Import Source

https://storage.googleapis.com/debian-osv/debian-cve-osv/DEBIAN-CVE-2009-1086.json

JSON Data

https://api.osv.dev/v1/vulns/DEBIAN-CVE-2009-1086

Upstream

CVE-2009-1086

Published

2009-03-25T18:30:00Z

Modified

2025-09-25T00:09:54.034100Z

Summary

[none]

Details

Heap-based buffer overflow in the ldnsrrnewfrmstr_internal function in ldns 1.4.x allows remote attackers to cause a denial of service (memory corruption) and possibly execute arbitrary code via a DNS resource record (RR) with a long (1) class field (clas variable) and possibly (2) TTL field.

References

https://security-tracker.debian.org/tracker/CVE-2009-1086

Affected packages

Debian:11 / ldns

Package

Name: ldns
Purl: pkg:deb/debian/ldns?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / ldns

Package

Name: ldns
Purl: pkg:deb/debian/ldns?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / ldns

Package

Name: ldns
Purl: pkg:deb/debian/ldns?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:14 / ldns

Package

Name: ldns
Purl: pkg:deb/debian/ldns?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

1.5.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}