CVE-2020-19860

Published January 21st, 2022

View on NVD ↗

CVSS v3

6.5

MEDIUM

CVSS v2

4.3

MEDIUM

Affected

PROJECT

Description

When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.

NLnetLabs/ldns

LDNS is a DNS library that facilitates DNS tool programming

GitHub

350