GNU C Library
cpe:2.3:a:gnu:glibc:*:*:*:*:*:*:*
- >= 2.2, < 2.34
A buffer overread vulnerability has been identified in the GNU C Library (glibc) in versions 2.2 and newer. The issue arises in the deprecated functions ns_printrrf, ns_printrr, and fp_nquery, which are intended for application debugging but not for use by new applications. These functions fail to properly validate the RDATA content against the RDATA length in DNS responses when handling LOC, CERT, TKEY, or TSIG records. This oversight may allow an attacker to craft a DNS response that causes a target application to crash or read uninitialized memory. The vulnerability was discovered while developing a test case for another related issue.
Exploitation of this vulnerability can lead to a buffer overread, causing applications to read uninitialized memory, which may result in information disclosure or unpredictable behavior.
The vulnerability can be reproduced by using the deprecated DNS debugging functions ns_printrrf, ns_printrr, or fp_nquery to process DNS packets that contain corrupted RDATA fields in LOC, CERT, TKEY, or TSIG records. The functions will not validate the RDATA length properly, leading to a buffer overread.
Applications should avoid using the deprecated functions ns_printrrf, ns_printrr, and fp_nquery, as they may be removed in future versions of the GNU C Library. Instead, consider using alternative methods for handling DNS responses that include proper validation of RDATA lengths.
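The RDATA length validation recommended above, sketched as an added example (this is not glibc code and not part of the advisory). The names rdata_ok, take, skip_name and skip_len16 are hypothetical; field layouts follow RFC 1876, RFC 4398, RFC 2930 and RFC 8945, and the TKEY/TSIG algorithm name is assumed to be uncompressed.

```c
#include <stddef.h>
#include <stdint.h>

enum { RR_LOC = 29, RR_CERT = 37, RR_TKEY = 249, RR_TSIG = 250 }; /* IANA type codes */
struct cur { const uint8_t *p, *end; };   /* end = rdata + RDLENGTH */

/* Hand out n bytes only if they lie inside the RDATA, else NULL. */
static const uint8_t *take(struct cur *c, size_t n) {
    const uint8_t *q = c->p;
    if ((size_t)(c->end - c->p) < n) return NULL;
    c->p += n;
    return q;
}

/* Skip an uncompressed domain name; compression pointers are rejected. */
static int skip_name(struct cur *c) {
    const uint8_t *l;
    while ((l = take(c, 1)) != NULL) {
        if (*l == 0) return 0;                      /* root label ends the name */
        if (*l > 63 || take(c, *l) == NULL) return -1;
    }
    return -1;                                      /* ran off the end of RDATA */
}

/* Skip a field preceded by a 16-bit big-endian length. */
static int skip_len16(struct cur *c) {
    const uint8_t *l = take(c, 2);
    return (l && take(c, ((size_t)l[0] << 8) | l[1])) ? 0 : -1;
}

/* 0 if every field lies inside rdlen bytes, -1 if it must not be decoded. */
int rdata_ok(uint16_t type, const uint8_t *rdata, size_t rdlen) {
    struct cur c = { rdata, rdata + rdlen };
    const uint8_t *v;
    switch (type) {
    case RR_LOC:   /* RFC 1876: version 0 is exactly 16 octets */
        v = take(&c, 1);
        return (v && *v == 0 && take(&c, 15) && c.p == c.end) ? 0 : -1;
    case RR_CERT:  /* RFC 4398: type(2) key tag(2) algorithm(1) + certificate */
        return take(&c, 5) ? 0 : -1;
    case RR_TKEY:  /* RFC 2930: name, 12 fixed octets, key, other data */
        return (!skip_name(&c) && take(&c, 12) && !skip_len16(&c)
                && !skip_len16(&c) && c.p == c.end) ? 0 : -1;
    case RR_TSIG:  /* RFC 8945: name, time(6) fudge(2), MAC, id(2) error(2), other */
        return (!skip_name(&c) && take(&c, 8) && !skip_len16(&c)
                && take(&c, 4) && !skip_len16(&c) && c.p == c.end) ? 0 : -1;
    default: return -1;  /* not a type this example knows how to check */
    }
}
```

Call rdata_ok with the record's RDLENGTH before decoding or printing any field, and skip the record when it returns -1.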