CVE-2026-14461 in mtrالمعلومات

الملخص

بحسب MITRE • 10/07/2026

mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME field. ipinfo_lookup() function uses the length of the response as the end-of-message boundary for dn_expand() function. The result is a reliable crash.


This issue exists in the mtr through version 0.96 and it was fixed in commit 48e1794414d338ce47abc0f27c25ade8788af9c3.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

مسؤول

CERT-PL

حجز

02/07/2026

إفشاء

10/07/2026

الاعتدال

تمت الموافقة

إدخال

VDB-377472

EPSS

0.00000

KEV

لا

النشاطات

منخفض

المصادر

Do you know our Splunk app?

Download it now for free!