Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
6.8
CVSSv2

CVE-2011-3581

Published: 04/11/2011 Updated: 08/12/2016
CVSS v2 Base Score: 6.8 | Impact Score: 6.4 | Exploitability Score: 8.6
VMScore: 605
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:P
Subscribe to Ldns

Vulnerability Summary

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns prior to 1.6.11 allows remote malicious users to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.

Vulnerable Product Search on Vulmon Subscribe to Product

nlnetlabs ldns 1.6.5

nlnetlabs ldns 1.6.4

nlnetlabs ldns 1.4.1

nlnetlabs ldns 1.4.0

nlnetlabs ldns 0.70

nlnetlabs ldns 1.6.9

nlnetlabs ldns 1.6.8

nlnetlabs ldns 1.6.1

nlnetlabs ldns 1.6.0

nlnetlabs ldns 1.2.1

nlnetlabs ldns 1.2.0

nlnetlabs ldns

nlnetlabs ldns 1.6.7

nlnetlabs ldns 1.6.6

nlnetlabs ldns 1.5.1

nlnetlabs ldns 1.5.0

nlnetlabs ldns 1.1.0

nlnetlabs ldns 1.0.0

nlnetlabs ldns 0.66

nlnetlabs ldns 1.6.3

nlnetlabs ldns 1.6.2

nlnetlabs ldns 1.3

nlnetlabs ldns 1.2.2

nlnetlabs ldns 0.65

nlnetlabs ldns 0.60

nlnetlabs ldns 0.50

Vendor Advisories

Debian CVElist Bug Report Logs: CVE-2011-3581: heap overflow flaw in ldns_rr_new_frm_str_internal()
Debian Bug report logs - #647297 CVE-2011-3581: heap overflow flaw in ldns_rr_new_frm_str_internal() Package: ldns; Maintainer for ldns is Debian DNS Team <team+dns@trackerdebianorg>; Reported by: Moritz Muehlenhoff <muehlenhoff@univentionde> Date: Tue, 1 Nov 2011 17:30:02 UTC Severity: grave Tags: security Fixe ...
Debian Security Advisories: DSA-2353-1 ldns -- buffer overflow
David Wheeler discovered a buffer overflow in ldns's code to parse RR records, which could lead to the execution of arbitrary code For the oldstable distribution (lenny), this problem has been fixed in version 140-1+lenny2 For the stable distribution (squeeze), this problem has been fixed in version 166-2+squeeze1 For the unstable distributi ...

References

CWE-119http://secunia.com/advisories/46476http://secunia.com/advisories/46470http://lists.opensuse.org/opensuse-security-announce/2011-10/msg00008.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-October/068091.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2011-October/068201.htmlhttp://seclists.org/oss-sec/2011/q3/542http://lists.fedoraproject.org/pipermail/package-announce/2011-October/068239.htmlhttp://nlnetlabs.nl/svn/ldns/tags/release-1.6.11/Changeloghttp://www.nlnetlabs.nl/bugs-script/show_bug.cgi?id=403http://seclists.org/oss-sec/2011/q3/503http://www.securityfocus.com/bid/49748https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=647297https://nvd.nist.govhttps://www.debian.org/security/./dsa-2353
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook