漏洞信息
尽管我们使用了先进的大模型技术,但其输出仍可能包含不准确或过时的信息。神龙努力确保数据的准确性,但请您根据实际情况进行核实和判断。
Vulnerability Title
Insufficient verification that responses belong to a query
Vulnerability Description
NLnet Labs ldns 1.2.0 up to and including versions 1.9.0, when used in applications as (stub) resolver over UDP, lacks matching the query destination address and port with the response source address and port. Furthermore not the query ID, neither the question of the query is matched with that of the response. This makes applications, that use ldns for (stub) resolver functionality over UDP, vulnerable for off-path poisoning attacks. The drill tool, which is shipped with ldns, suffers from this vulnerability.
CVSS Information
N/A
Vulnerability Type
源验证错误
Vulnerability Title
NLnet Labs ldns 访问控制错误漏洞
Vulnerability Description
NLnet Labs ldns是荷兰Nlnet基金会的一个便于DNS工具编程的DNS库。 NLnet Labs ldns 1.2.0版本至1.9.0版本存在访问控制错误漏洞,该漏洞源于作为UDP解析器使用时未匹配查询目标地址和端口与响应源地址和端口,可能导致应用程序易受路径外投毒攻击。
CVSS Information
N/A
Vulnerability Type
N/A