An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN.
References
Link | Resource |
---|---|
http://fnet.sourceforge.net/manual/fnet_history.html | Release Notes Third Party Advisory |
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | Third Party Advisory US Government Resource |
https://www.kb.cert.org/vuls/id/815128 | Third Party Advisory US Government Resource |
http://fnet.sourceforge.net/manual/fnet_history.html | Release Notes Third Party Advisory |
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 | Third Party Advisory US Government Resource |
https://www.kb.cert.org/vuls/id/815128 | Third Party Advisory US Government Resource |
Configurations
History
21 Nov 2024, 05:08
Type | Values Removed | Values Added |
---|---|---|
References | () http://fnet.sourceforge.net/manual/fnet_history.html - Release Notes, Third Party Advisory | |
References | () https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 - Third Party Advisory, US Government Resource | |
References | () https://www.kb.cert.org/vuls/id/815128 - Third Party Advisory, US Government Resource |
12 Oct 2023, 18:31
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:* | |
First Time |
Butok fnet
Butok |
Information
Published : 2020-12-11 23:15
Updated : 2024-11-21 05:08
NVD link : CVE-2020-17467
Mitre link : CVE-2020-17467
CVE.ORG link : CVE-2020-17467
JSON object : View
Products Affected
butok
- fnet
CWE
CWE-125
Out-of-bounds Read