GHSA-9jcx-pr2f-qvq5
Suggest an improvement- Source
- https://github.com/advisories/GHSA-9jcx-pr2f-qvq5
- Import Source
- https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-9jcx-pr2f-qvq5/GHSA-9jcx-pr2f-qvq5.json
- JSON Data
- https://api.osv.dev/v1/vulns/GHSA-9jcx-pr2f-qvq5
- Aliases
- Published
- 2021-05-18T18:34:25Z
- Modified
- 2024-05-20T19:40:31Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- miekg/dns parsing error leads to nil pointer dereference and DoS
- Details
-
An issue was discovered in
setTAinscan_rr.goin the Miek Gieben DNS library before 1.0.10 for Go. Adns.ParseZone()parsing error causes a segmentation violation, leading to denial of service. - Database specific
{ "nvd_published_at": null, "cwe_ids": [ "CWE-400" ], "severity": "HIGH", "github_reviewed": true, "github_reviewed_at": "2021-05-11T00:44:23Z" }- References
-
- https://nvd.nist.gov/vuln/detail/CVE-2018-17419
- https://github.com/miekg/dns/issues/742
- https://github.com/miekg/dns/pull/745/commits/f71d7d9d77d439b30a5e50900df5b1f988a50e5e
- https://github.com/miekg/dns/commit/501e858f679edecd4a38a86317ce50271014a80d
- https://github.com/miekg/dns
- https://pkg.go.dev/vuln/GO-2020-0028
Affected packages
Go / github.com/miekg/dns
Package
- Name
- github.com/miekg/dns
- View open source insights on deps.dev
- Purl
- pkg:golang/github.com/miekg/dns