blob: 88c7a07fed7baa73a94db0c98167f080407149dd [file] [log] [blame]
id: GO-2020-0028
modules:
- module: github.com/miekg/dns
versions:
- fixed: 1.0.10
vulnerable_at: 1.0.9
packages:
- package: github.com/miekg/dns
symbols:
- setTA
derived_symbols:
- NewRR
- ParseZone
- ReadRR
summary: Denial of service via malformed zone file in github.com/miekg/dns
description: |-
Due to a nil pointer dereference, parsing a malformed zone file containing TA
records may cause a panic. If parsing user supplied input, this may be used as a
denial of service vector.
published: 2021-04-14T20:04:52Z
cves:
- CVE-2018-17419
ghsas:
- GHSA-9jcx-pr2f-qvq5
credits:
- '@tr3ee'
references:
- fix: https://github.com/miekg/dns/commit/501e858f679edecd4a38a86317ce50271014a80d
- report: https://github.com/miekg/dns/issues/742
review_status: REVIEWED