Lucene search

GoogleOSV:CVE-2020-19860

HistoryJan 21, 2022 - 2:15 p.m.

CVE-2020-19860

2022-01-2114:15:07

Google

osv.dev

ldns

version 1.7.1

heap vulnerability

zone file

information leakage

AI Score

6.4

Confidence

Low

EPSS

0.002

Percentile

52.0%

JSON

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.

References

github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3

github.com/NLnetLabs/ldns/issues/50