CVE-2017-9430

EPSS 11.3%

Stack-based buffer overflow in dnstracer through 1.9 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a command line with a long name argument that is mishandled in a strcpy call for argv[0]. An example threat model is a web application that launches dnstracer with an untrusted name string.

Affected products

n/a · n/a

public PoCs found — 7

githubgithub.com/homjxi0e/CVE-2017-9430★ 0 githubgithub.com/j0lama/Dnstracer-1.9-Fix★ 0 cve_referencewww.exploit-db.com/exploits/42424/unverified cve_referencepacketstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.htmlunverified exploitdbwww.exploit-db.com/exploits/42424unverified exploitdbwww.exploit-db.com/exploits/42115unverified cve_referencewww.exploit-db.com/exploits/42115/unverified

⚠ Public resources, to assess the exposure of systems you control or are authorized to test. Test only with authorization.

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://cxsecurity.com/issue/WLB-2017060030 https://packetstormsecurity.com/files/142799/DNSTracer-1.8.1-Buffer-Overflow.html https://www.exploit-db.com/exploits/42115/https://www.exploit-db.com/exploits/42424/