CVE-2011-3581
ldns < 1.6.11 - Heap-Based Buffer Overflow via Resource Record Type Handling
Title source: llmDescription
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.
References (11)
Core 11
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46476
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/49748
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2011/q3/542
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/46470
Mailing List mailing-list
x_refsource_mlist
http://seclists.org/oss-sec/2011/q3/503
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.html
Various Sources x_refsource_confirm
http://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.html
Mailing List, Third Party Advisory vendor-advisory
x_refsource_fedora
http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.html
Various Sources x_refsource_confirm
http://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changelog
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.html
Scores
EPSS
0.0411
EPSS Percentile
89.6%
Details
CWE
CWE-119
Status
published
Products (26)
nlnetlabs/ldns
0.50
nlnetlabs/ldns
0.60
nlnetlabs/ldns
0.65
nlnetlabs/ldns
0.66
nlnetlabs/ldns
0.70
nlnetlabs/ldns
1.0.0
nlnetlabs/ldns
1.1.0
nlnetlabs/ldns
1.2.0
nlnetlabs/ldns
1.2.1
nlnetlabs/ldns
1.2.2
... and 16 more
Published
Nov 04, 2011
Tracked Since
Feb 18, 2026