-
Type:
Defect (Security)
-
Resolution: Fixed
-
Priority:
Minor
-
None
-
Affects Version/s: None
-
Component/s: Agent (G)
-
None
| Mitre ID | CVE-2023-32726 |
| CVSS score | 3.9 |
| CVSS Severity | Low |
| CVSS vector | CVSS:3.1/AV:N/AC:H/PR:H/UI:R/S:U/C:L/I:L/A:L |
| Summary | Possible buffer overread from reading DNS responses |
| Description | The vulnerability is caused by improper check for RDLENGTH, if it overflows the buffer in response from DNS server. |
| Common Weakness Enumeration (CWE) | CWE-754: Improper Check for Unusual or Exceptional Conditions |
| Common Attack Pattern Enumeration and Classification (CAPEC) | CAPEC-540 Overread Buffers |
| Known attack vectors | This type of attack may result in exposure of sensitive information, a system crash, or arbitrary code execution. |
| Patch provided | No |
| Component/s | Agent |
| Affected version/s and fix version/s | 5.0.0 - 5.0.39 / 5.0.40 6.0.0 - 6.0.23 / 6.0.24 6.4.0 - 6.4.8 / 6.4.9 7.0.0alpha1 - 7.0.0alpha6 / 7.0.0alpha8 |
| Fix compatibility tests | None |
| Resolution | Fixed |
| Workarounds | - |
| Acknowledgements | This vulnerability is reported in HackerOne bounty hunter platform by Philippe Antoine (catenacyber) |