CVE-2023-50434 Information

Description

emdns_resolve_raw in emdns.c in emdns through fbd1eef calls strlen with an input that may not be ‘\0’ terminated leading to a stack-based buffer over-read. This can be triggered by a remote adversary that can send DNS requests to the emdns server. The impact could vary depending on the system libraries compiler and processor architecture. Code before be565c3 is unaffected.

Reference

https://papers.mathyvanhoef.com/esorics2024.pdf