{"id":"CVE-2020-19860","details":"When ldns version 1.7.1 verifies a zone file, the ldns_rr_new_frm_str_internal function has a heap out of bounds read vulnerability. An attacker can leak information on the heap by constructing a zone file payload.","modified":"2026-02-01T05:04:42.572538Z","published":"2022-01-21T14:15:07.690Z","related":["SUSE-SU-2022:0675-1","openSUSE-SU-2022:0675-1","openSUSE-SU-2024:11802-1"],"references":[{"type":"ADVISORY","url":"https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"},{"type":"ADVISORY","url":"https://github.com/NLnetLabs/ldns/issues/50"},{"type":"REPORT","url":"https://github.com/NLnetLabs/ldns/issues/50"},{"type":"FIX","url":"https://github.com/NLnetLabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3"},{"type":"EVIDENCE","url":"https://github.com/NLnetLabs/ldns/issues/50"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nlnetlabs/ldns","events":[{"introduced":"0"},{"fixed":"15d96206996bea969fbc918eb0a4a346f514b9f3"}]}],"versions":["release-1.6.11","release-1.6.17","release-1.6.17rc1","release-1.6.17rc2","release-1.7.0","release-1.7.0-rc1","release-1.7.1","release-1.7.1-rc1"],"database_specific":{"vanir_signatures":[{"target":{"file":"rr.c","function":"ldns_rr_new_frm_str_internal"},"deprecated":false,"source":"https://github.com/nlnetlabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3","signature_version":"v1","id":"CVE-2020-19860-191561e2","signature_type":"Function","digest":{"length":8891,"function_hash":"251941352422954362548173721366397297493"}},{"target":{"file":"rr.c"},"deprecated":false,"source":"https://github.com/nlnetlabs/ldns/commit/15d96206996bea969fbc918eb0a4a346f514b9f3","signature_version":"v1","id":"CVE-2020-19860-75361339","signature_type":"Line","digest":{"line_hashes":["304150356136728191013666289071051846294","155677165420181730933934979959893485858","77135638458978608597762295275407082624","260965272174818498082687692350980513016","130518172275200410960406267494341286040","51273490682426193892898198661893070480","21702059573567139622621572651513730590","210984438082497427222760441458755393575","12078708481039353439108142430185836923","275043312956904328881478936168966183832","72408890483878620117238557110253677009"],"threshold":0.9}}],"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-19860.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:N/A:N"}]}