Bug/Vulnerability in `Dig' in latest dnsutils/bind9
Mukund Sivaraman
muks at isc.org
Tue Oct 28 11:41:51 UTC 2014
Hi Joshua
On Tue, Oct 28, 2014 at 07:30:45PM +1100, Joshua Rogers wrote:
> I'm not sure if this is really severe enough for a CVE-ID or not, but
> let me know about it anyways.
This crashes out almost immediately after next is assigned -1, by
dereferencing *(-1) which is likely not mapped on any platform. So I
don't think it's a severe or exploitable bug. The crash is the only
effect.
A fix is in review now.
Mukund
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 2881 bytes
Desc: not available
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20141028/ff05d3f5/attachment-0001.bin>
More information about the bind-users
mailing list