CVE-2020-17467

An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesn't check for '\0' termination. Therefore, the deduced length of the hostname doesn't reflect the correct length of the actual data. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN.
References
Link Resource
http://fnet.sourceforge.net/manual/fnet_history.html Release Notes Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/815128 Third Party Advisory US Government Resource
http://fnet.sourceforge.net/manual/fnet_history.html Release Notes Third Party Advisory
https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 Third Party Advisory US Government Resource
https://www.kb.cert.org/vuls/id/815128 Third Party Advisory US Government Resource
Configurations

Configuration 1 (hide)

cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*

History

21 Nov 2024, 05:08

Type Values Removed Values Added
References () http://fnet.sourceforge.net/manual/fnet_history.html - Release Notes, Third Party Advisory () http://fnet.sourceforge.net/manual/fnet_history.html - Release Notes, Third Party Advisory
References () https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 - Third Party Advisory, US Government Resource () https://us-cert.cisa.gov/ics/advisories/icsa-20-343-01 - Third Party Advisory, US Government Resource
References () https://www.kb.cert.org/vuls/id/815128 - Third Party Advisory, US Government Resource () https://www.kb.cert.org/vuls/id/815128 - Third Party Advisory, US Government Resource

12 Oct 2023, 18:31

Type Values Removed Values Added
CPE cpe:2.3:a:fnet_project:fnet:*:*:*:*:*:*:*:* cpe:2.3:a:butok:fnet:*:*:*:*:*:*:*:*
First Time Butok fnet
Butok

Information

Published : 2020-12-11 23:15

Updated : 2024-11-21 05:08


NVD link : CVE-2020-17467

Mitre link : CVE-2020-17467

CVE.ORG link : CVE-2020-17467


JSON object : View

Products Affected

butok

  • fnet
CWE
CWE-125

Out-of-bounds Read