Potential memory exposure in dns-packet
High severity
GitHub Reviewed
Published
May 24, 2021
to the GitHub Advisory Database
•
Updated Feb 12, 2025
Description
Published by the National Vulnerability Database
May 20, 2021
Reviewed
May 21, 2021
Published to the GitHub Advisory Database
May 24, 2021
Last updated
Feb 12, 2025
This affects the package dns-packet before versions 1.3.2 and 5.2.2. It creates buffers with allocUnsafe and does not always fill them before forming network packets. This can expose internal application memory over unencrypted network when querying crafted invalid domain names.
References