Description

emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be '\0' terminated, leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries, compiler, and processor architecture. Code before be565c3 is unaffected.

INFO

Published Date :

2024-04-29T00:00:00.000Z

Last Modified :

2024-08-02T22:16:46.661Z

Source :

mitre
AFFECTED PRODUCTS

The following products are affected by CVE-2023-50434 vulnerability.

No data.

REFERENCES

Here, you will find a curated list of external links that provide in-depth information to CVE-2023-50434.

URL Resource
https://papers.mathyvanhoef.com/esorics2024.pdf cve-icon cve-icon cve-icon
Login to claim this CVE

CVSS Vulnerability Scoring System

Detailed values of each vector for above chart.
Attack Vector
Attack Complexity
Privileges Required
User Interaction
Scope
Confidentiality Impact
Integrity Impact
Availability Impact