| |
Vulnerability CVE-2023-50434
Published: 2024-04-29 Modified: 2024-04-30
| Description: |
emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected. |
References: |
https://papers.mathyvanhoef.com/esorics2024.pdf
|
|
|
Copyright 2024, cxsecurity.com
|
|
|
