| Título | pymumu smartdns 47.1 Stack-based Buffer Overflow |
|---|
| Descrição | SmartDNS version 47.1 contains a stack-based buffer overflow vulnerability in the _dns_decode_SVCB_HTTPS function in src/dns.c. The issue occurs due to missing boundary checks in _dns_read_short when parsing malformed SVCB/HTTPS records. Remote attackers can exploit this via a crafted UDP packet to cause a Denial of Service (DoS) or potential information disclosure. The vendor has confirmed the issue and fixed it in commit 2d57c4b4e1add9b4537aeb403f794a084727e1c8. |
|---|
| Fonte | ⚠️ https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e1c8 |
|---|
| Utilizador | liloler (UID 94450) |
|---|
| Submissão | 13/01/2026 03h55 (há 4 meses) |
|---|
| Moderação | 25/01/2026 18h17 (13 days later) |
|---|
| Estado | Aceite |
|---|
| Entrada VulDB | 342841 [pymumu SmartDNS até 47.1 SVBC Record Parser src/dns.c _dns_decode_rr_head/_dns_decode_SVCB_HTTPS Excesso de tampão] |
|---|
| Pontos | 20 |
|---|