{"id":"CVE-2020-19861","details":"When a zone file in ldns 1.7.1 is parsed, the function ldns_nsec3_salt_data is too trusted for the length value obtained from the zone file. When the memcpy is copied, the 0xfe - ldns_rdf_size(salt_rdf) byte data can be copied, causing heap overflow information leakage.","modified":"2026-05-28T04:05:16.148865562Z","published":"2022-01-21T15:15:07.607Z","related":["SUSE-SU-2022:0675-1","openSUSE-SU-2022:0675-1","openSUSE-SU-2024:11802-1"],"database_specific":{},"references":[{"type":"ADVISORY","url":"https://cwe.mitre.org/data/definitions/126.html"},{"type":"REPORT","url":"https://github.com/NLnetLabs/ldns/issues/51"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/nlnetlabs/ldns","events":[{"introduced":"0"},{"last_affected":"53bc57512c19b11eebc403a4cb2bbf7295eb0db1"}],"database_specific":{"cpe":"cpe:2.3:a:nlnetlabs:ldns:1.7.1:*:*:*:*:*:*:*","source":"CPE_STRING","extracted_events":[{"introduced":"0"},{"last_affected":"1.7.1"}]}}],"versions":["release-1.7.1","release-1.7.1-rc1","release-1.7.0-rc1","release-1.6.17rc1","release-1.6.11"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-19861.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N"}]}