Vulnerability Details CVE-2017-9430
Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.165
EPSS Ranking 94.6%
CVSS Severity
CVSS v3 Score 9.8
CVSS v2 Score 7.5
References
- https://cxsecurity.com/issue/WLB-2017060030
- https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html
- https://www.exploit-db.com/exploits/42115/
- https://www.exploit-db.com/exploits/42424/
- https://cxsecurity.com/issue/WLB-2017060030
- https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html
- https://www.exploit-db.com/exploits/42115/
- https://www.exploit-db.com/exploits/42424/
Products affected by CVE-2017-9430
-
cpe:2.3:a:dnstracer_project:dnstracer:1.9