Django REST framework

Vulnerability Instance

Lookup for vulnerabilities affecting packages.

Vulnerability_idVCID-6yhs-39tq-e3hc
SummaryAn issue was discovered in adns before 1.5.2. adns_rr_info mishandles a bogus *datap. The general pattern for formatting integers is to sprintf into a fixed-size buffer. This is correct if the input is in the right range; if it isn't, the buffer may be overrun (depending on the sizes of the types on the current platform). Of course the inputs ought to be right. And there are pointers in there too, so perhaps one could say that the caller ought to check these things. It may be better to require the caller to make the pointer structure right, but to have the code here be defensive about (and tolerate with an error but without crashing) out-of-range integer values. So: it should defend each of these integer conversion sites with a check for the actual permitted range, and return adns_s_invaliddata if not. The lack of this check causes the SOA sign extension bug to be a serious security problem: the sign extended SOA value is out of range, and overruns the buffer when reconverted. This is related to sign extending SOA 32-bit integer fields, and use of a signed data type.
Aliases
0
alias CVE-2017-9106
Fixed_packages
0
url pkg:deb/debian/adns@1.6.0-2?distro=trixie
purl pkg:deb/debian/adns@1.6.0-2?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/adns@1.6.0-2%3Fdistro=trixie
1
url pkg:deb/debian/adns@1.6.0-2
purl pkg:deb/debian/adns@1.6.0-2
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/adns@1.6.0-2
2
url pkg:deb/debian/adns@1.6.1-1?distro=trixie
purl pkg:deb/debian/adns@1.6.1-1?distro=trixie
is_vulnerable false
affected_by_vulnerabilities
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/adns@1.6.1-1%3Fdistro=trixie
Affected_packages
0
url pkg:deb/debian/adns@1.0-6
purl pkg:deb/debian/adns@1.0-6
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b8y-aqh2-9fe8
1
vulnerability VCID-5zre-ud6f-ckfe
2
vulnerability VCID-6yhs-39tq-e3hc
3
vulnerability VCID-8fbf-8fea-27d9
4
vulnerability VCID-c3zv-cg7f-hfe3
5
vulnerability VCID-j4d3-qrnw-gbd2
6
vulnerability VCID-j7dr-cbuk-tkgp
7
vulnerability VCID-j7qp-xbgk-h7c6
8
vulnerability VCID-q5km-d9qe-pfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/adns@1.0-6
1
url pkg:deb/debian/adns@1.0-8.2
purl pkg:deb/debian/adns@1.0-8.2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b8y-aqh2-9fe8
1
vulnerability VCID-5zre-ud6f-ckfe
2
vulnerability VCID-6yhs-39tq-e3hc
3
vulnerability VCID-8fbf-8fea-27d9
4
vulnerability VCID-c3zv-cg7f-hfe3
5
vulnerability VCID-j4d3-qrnw-gbd2
6
vulnerability VCID-j7dr-cbuk-tkgp
7
vulnerability VCID-j7qp-xbgk-h7c6
8
vulnerability VCID-q5km-d9qe-pfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/adns@1.0-8.2
2
url pkg:deb/debian/adns@1.4-0.1
purl pkg:deb/debian/adns@1.4-0.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b8y-aqh2-9fe8
1
vulnerability VCID-5zre-ud6f-ckfe
2
vulnerability VCID-6yhs-39tq-e3hc
3
vulnerability VCID-8fbf-8fea-27d9
4
vulnerability VCID-c3zv-cg7f-hfe3
5
vulnerability VCID-j4d3-qrnw-gbd2
6
vulnerability VCID-j7dr-cbuk-tkgp
7
vulnerability VCID-j7qp-xbgk-h7c6
8
vulnerability VCID-q5km-d9qe-pfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/adns@1.4-0.1
3
url pkg:deb/debian/adns@1.4-2
purl pkg:deb/debian/adns@1.4-2
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b8y-aqh2-9fe8
1
vulnerability VCID-5zre-ud6f-ckfe
2
vulnerability VCID-6yhs-39tq-e3hc
3
vulnerability VCID-j4d3-qrnw-gbd2
4
vulnerability VCID-j7dr-cbuk-tkgp
5
vulnerability VCID-j7qp-xbgk-h7c6
6
vulnerability VCID-q5km-d9qe-pfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/adns@1.4-2
4
url pkg:deb/debian/adns@1.5.0~rc1-1
purl pkg:deb/debian/adns@1.5.0~rc1-1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b8y-aqh2-9fe8
1
vulnerability VCID-5zre-ud6f-ckfe
2
vulnerability VCID-6yhs-39tq-e3hc
3
vulnerability VCID-j4d3-qrnw-gbd2
4
vulnerability VCID-j7dr-cbuk-tkgp
5
vulnerability VCID-j7qp-xbgk-h7c6
6
vulnerability VCID-q5km-d9qe-pfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/adns@1.5.0~rc1-1
5
url pkg:deb/debian/adns@1.5.0~rc1-1.1
purl pkg:deb/debian/adns@1.5.0~rc1-1.1
is_vulnerable true
affected_by_vulnerabilities
0
vulnerability VCID-4b8y-aqh2-9fe8
1
vulnerability VCID-5zre-ud6f-ckfe
2
vulnerability VCID-6yhs-39tq-e3hc
3
vulnerability VCID-j4d3-qrnw-gbd2
4
vulnerability VCID-j7dr-cbuk-tkgp
5
vulnerability VCID-j7qp-xbgk-h7c6
6
vulnerability VCID-q5km-d9qe-pfbu
resource_url http://public2.vulnerablecode.io/packages/pkg:deb/debian/adns@1.5.0~rc1-1.1
References
0
reference_url https://api.first.org/data/v1/epss?cve=CVE-2017-9106
reference_id
reference_type
scores
0
value 0.00527
scoring_system epss
scoring_elements 0.67126
published_at 2026-04-13T12:55:00Z
1
value 0.00527
scoring_system epss
scoring_elements 0.67054
published_at 2026-04-01T12:55:00Z
2
value 0.00527
scoring_system epss
scoring_elements 0.67091
published_at 2026-04-02T12:55:00Z
3
value 0.00527
scoring_system epss
scoring_elements 0.67115
published_at 2026-04-04T12:55:00Z
4
value 0.00527
scoring_system epss
scoring_elements 0.6709
published_at 2026-04-07T12:55:00Z
5
value 0.00527
scoring_system epss
scoring_elements 0.67139
published_at 2026-04-08T12:55:00Z
6
value 0.00527
scoring_system epss
scoring_elements 0.67152
published_at 2026-04-09T12:55:00Z
7
value 0.00527
scoring_system epss
scoring_elements 0.67171
published_at 2026-04-11T12:55:00Z
8
value 0.00527
scoring_system epss
scoring_elements 0.67157
published_at 2026-04-12T12:55:00Z
url https://api.first.org/data/v1/epss?cve=CVE-2017-9106
1
reference_url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9106
reference_id
reference_type
scores
url https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-9106
2
reference_url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
reference_id
reference_type
scores
0
value 7.5
scoring_system cvssv3.1
scoring_elements CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
url https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Weaknesses
Exploits
Severity_range_score7.5 - 7.5
Exploitability0.5
Weighted_severity3.8
Risk_score1.9
Resource_urlhttp://public2.vulnerablecode.io/vulnerabilities/VCID-6yhs-39tq-e3hc