CVE-2011-3581

Severity: Unknown | EPSS: 4.11%

CVE-2011-3581 is a vulnerability of currently unknown severity. Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length. EPSS estimates a 4.11% chance of exploitation in the next 30 days.

Description

Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.

Metrics

EPSS Probability: 4.11% (89.5th percentile)

Probability of exploitation in the next 30 days.

Affected Software

Vendor | Product | Versions
Nlnetlabs | Ldns | <= 1.6.10
Nlnetlabs | Ldns | 0.50
Nlnetlabs | Ldns | 0.60
Nlnetlabs | Ldns | 0.65
Nlnetlabs | Ldns | 0.66
Nlnetlabs | Ldns | 0.70
Nlnetlabs | Ldns | 1.0.0
Nlnetlabs | Ldns | 1.1.0
Nlnetlabs | Ldns | 1.2.0
Nlnetlabs | Ldns | 1.2.1
Nlnetlabs | Ldns | 1.2.2
Nlnetlabs | Ldns | 1.3
Nlnetlabs | Ldns | 1.4.0
Nlnetlabs | Ldns | 1.4.1
Nlnetlabs | Ldns | 1.5.0
Nlnetlabs | Ldns | 1.5.1
Nlnetlabs | Ldns | 1.6.0
Nlnetlabs | Ldns | 1.6.1
Nlnetlabs | Ldns | 1.6.2
Nlnetlabs | Ldns | 1.6.3
Nlnetlabs | Ldns | 1.6.4
Nlnetlabs | Ldns | 1.6.5
Nlnetlabs | Ldns | 1.6.6
Nlnetlabs | Ldns | 1.6.7
Nlnetlabs | Ldns | 1.6.8
Nlnetlabs | Ldns | 1.6.9

Timeline

Status: Modified

Frequently Asked Questions

What is CVE-2011-3581?
Heap-based buffer overflow in the ldns_rr_new_frm_str_internal function in ldns before 1.6.11 allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via a Resource Record (RR) with an unknown type containing input that is longer than a specified length.
How severe is CVE-2011-3581?
Severity scoring for CVE-2011-3581 is pending analysis. The EPSS model estimates a 4.11% probability of exploitation in the next 30 days.
How do I fix CVE-2011-3581?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Source: NVD / NIST