AuroraMiddleware/glibc
1
0
Fork 0
mirror of https://sourceware.org/git/glibc.git synced 2024-11-09 23:00:07 +00:00
Code Issues Packages Projects Releases Wiki Activity
release/2.36/master
glibc/resolv/nss_dns
History
Florian Weimer 4ea972b7ed CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode 
Without passing alt_dns_packet_buffer, __res_context_search can only
store 2048 bytes (what fits into dns_packet_buffer).  However,
the function returns the total packet size, and the subsequent
DNS parsing code in _nss_dns_gethostbyname4_r reads beyond the end
of the stack-allocated buffer.

Fixes commit f282cdbe7f ("resolv: Implement no-aaaa
stub resolver option") and bug 30842.

(cherry picked from commit bd77dd7e73)
2023-09-13 14:37:57 +02:00
..
dns-canon.c Replace {u}int_fast{16|32} with {u}int32_t 2022-04-13 21:23:04 -05:00
dns-host.c CVE-2023-4527: Stack read overflow with large TCP responses in no-aaaa mode 2023-09-13 14:37:57 +02:00
dns-network.c Update copyright dates with scripts/update-copyrights 2022-01-01 11:40:24 -08:00