Heap OOB reads in dirmngr DNS CERT/DANE parsing
Closed, ResolvedPublic

Assigned To
Authored By
gniibe
Tue, Jun 23, 4:02 AM

Description

The report says:

CVSS 3.1: 6.5 (AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H)
CWE: CWE-125 (Out-of-bounds Read), CWE-20 (Improper Input Validation)
Auth: None (malicious DNS server on network path)
Version: 2.5.20, master commit d3822099fdd4 (2026-06-19)
Build: HAVE_SYSTEM_RESOLVER (standard on most Linux distributions)

File: dirmngr/dns-stuff.c, get_dns_cert_standard(), lines 1607-1784

Event Timeline

werner lowered the priority of this task from Unbreak Now! to High.Tue, Jun 23, 1:42 PM
werner added projects: dns, Keyserver, gnupg26.

An OOB-Read in dirmngr is not very critical. dirmngr has no confidential data which can be leaked except maybe for an LDAP password in memory. Thus I lower the priority.

gniibe changed the task status from Open to Testing.Fri, Jun 26, 6:45 AM
gniibe mentioned this in Unknown Object (Maniphest Task).Mon, Jun 29, 2:51 AM
werner claimed this task.
gniibe shifted this object from the Restricted Space space to the S1 Public space.Fri, Jul 3, 1:49 AM
gniibe updated the task description. (Show Details)
gniibe changed the visibility from "g10code (Project)" to "Public (No Login Required)".