| Titel | pymumu smartdns 47.1 Stack-based Buffer Overflow |
|---|
| Beschreibung | SmartDNS version 47.1 contains a stack-based buffer overflow vulnerability in the _dns_decode_SVCB_HTTPS function in src/dns.c. The issue occurs due to missing boundary checks in _dns_read_short when parsing malformed SVCB/HTTPS records. Remote attackers can exploit this via a crafted UDP packet to cause a Denial of Service (DoS) or potential information disclosure. The vendor has confirmed the issue and fixed it in commit 2d57c4b4e1add9b4537aeb403f794a084727e1c8. |
|---|
| Quelle | ⚠️ https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8 |
|---|
| Benutzer | liloler (UID 94450) |
|---|
| Einreichung | 13.01.2026 03:55 (vor 4 Monaten) |
|---|
| Moderieren | 25.01.2026 18:17 (13 days later) |
|---|
| Status | Akzeptiert |
|---|
| VulDB Eintrag | 342841 [pymumu SmartDNS bis 47.1 SVBC Record Parser src/dns.c _dns_decode_rr_head/_dns_decode_SVCB_HTTPS Pufferüberlauf] |
|---|
| Punkte | 20 |
|---|