CVE-2011-3581

ldns < 1.6.11 - Heap-Based Buffer Overflow via Resource Record Type Handling

Title source: llm
STIX 2.1

Description

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.

References (11)

Core 11
Core References
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46476
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/49748
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2011/q3/542
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/46470
Mailing List mailing-list x_refsource_mlist
http://seclists.org/oss-sec/2011/q3/503
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html
Various Sources x_refsource_confirm
http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html
Mailing List, Third Party Advisory vendor-advisory x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html

Scores

EPSS 0.0411
EPSS Percentile 89.6%

Details

CWE
CWE-119
Status published
Products (26)
nlnetlabs/ldns 0.50
nlnetlabs/ldns 0.60
nlnetlabs/ldns 0.65
nlnetlabs/ldns 0.66
nlnetlabs/ldns 0.70
nlnetlabs/ldns 1.0.0
nlnetlabs/ldns 1.1.0
nlnetlabs/ldns 1.2.0
nlnetlabs/ldns 1.2.1
nlnetlabs/ldns 1.2.2
... and 16 more
Published Nov 04, 2011
Tracked Since Feb 18, 2026