Untriaged
Permalink
CVE-2026-1425
5.6 MEDIUM
- CVSS version: 3.1
- Attack vector (AV):
- Attack complexity (AC):
- Privileges required (PR):
- User interaction (UI):
- Scope (S):
- Confidentiality impact (C):
- Integrity impact (I):
- Availability impact (A):
pymumu SmartDNS SVBC Record dns.c _dns_decode_SVCB_HTTPS stack-based overflow
A security flaw has been discovered in pymumu SmartDNS up to 47.1. This vulnerability affects the function _dns_decode_rr_head/_dns_decode_SVCB_HTTPS of the file src/dns.c of the component SVBC Record Parser. The manipulation results in stack-based buffer overflow. It is possible to launch the attack remotely. A high complexity level is associated with this attack. It is stated that the exploitability is difficult. The patch is identified as 2d57c4b4e1add9b4537aeb403f794a084727e1c8. Applying a patch is advised to resolve this issue.
References
- Submit #736827 | pymumu smartdns 47.1 Stack-based Buffer Overflow third-party-advisory
- https://github.com/pymumu/smartdns/commit/2d57c4b4e1add9b4537aeb403f794a084727e… patch
- VDB-342841 | pymumu SmartDNS SVBC Record dns.c _dns_decode_SVCB_HTTPS stack-based overflow vdb-entry technical-description
- VDB-342841 | CTI Indicators (IOB, IOC, IOA) signature permissions-required
Affected products
SmartDNS
- ==47.1
- ==47.0
Package maintainers
-
@LEXUGE Harry Ying <lexugeyky@outlook.com>