Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
dns: memory‑safety issue in the DNS name parser
Vulnerability Description
dns_unpack_name() caches the buffer tailroom once and reuses it while appending DNS labels. As the buffer grows, the cached size becomes incorrect, and the final null terminator can be written past the buffer. With assertions disabled (default), a malicious DNS response can trigger an out-of-bounds write when CONFIG_DNS_RESOLVER is enabled.
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:H/A:H
Vulnerability Type
跨界内存写
Vulnerability Title
Zephyr 安全漏洞
Vulnerability Description
Zephyr是Zephyr开源的一个可扩展的实时操作系统 (RTOS)。 Zephyr 4.3.0版本及之前版本存在安全漏洞,该漏洞源于dns_unpack_name函数缓存缓冲区尾空间不当,可能导致启用CONFIG_DNS_RESOLVER时发生越界写入。
CVSS Information
N/A
Vulnerability Type
N/A