{"id":"CVE-2023-31470","details":"SmartDNS through 41 before 56d0332 allows an out-of-bounds write because of a stack-based buffer overflow in the _dns_encode_domain function in the dns.c file, via a crafted DNS request.","modified":"2026-04-12T03:51:18.171861Z","published":"2023-04-28T21:15:09.307Z","references":[{"type":"FIX","url":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04"},{"type":"EVIDENCE","url":"https://github.com/pymumu/smartdns/issues/1378"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/pymumu/smartdns","events":[{"introduced":"0"},{"last_affected":"60a3719ec739be2cc1e11724ac049b09a75059cb"},{"fixed":"56d0332bf91104cfc877635f6c82e9348587df04"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"41"}]}}],"versions":["Release18","Release20","Release21","Release22","Release23","Release24","Release25","Release26-Special","Release27","Release28","Release29","Release30","Release31","Release32","Release32-RC1","Release32-RC2","Release32-RC3","Release32-RC4","Release33","Release34","Release35","Release36","Release36.1","Release37","Release37-RC1","Release37-RC2","Release37-RC3","Release37.1","Release37.2","Release38","Release38.1","Release39","Release40","Release41","Release41-RC1","Release41-RC2","Release41-RC3","all-best-ip"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-31470.json","vanir_signatures":[{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Function","id":"CVE-2023-31470-30af6f0e","digest":{"function_hash":"169912796625121099106009019379367753006","length":735},"deprecated":false,"target":{"function":"_dns_encode_domain","file":"src/dns.c"}},{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Function","id":"CVE-2023-31470-32bdaaad","digest":{"function_hash":"230385637131233285377617773882511915440","length":422},"deprecated":false,"target":{"function":"dns_add_rr_nested_end","file":"src/dns.c"}},{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Function","id":"CVE-2023-31470-3ef8dc6c","digest":{"function_hash":"32096184302517270657292637520222458689","length":638},"deprecated":false,"target":{"function":"dns_get_HTTPS_svcparm_start","file":"src/dns.c"}},{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Function","id":"CVE-2023-31470-4708478f","digest":{"function_hash":"74330430681167380186309979217637541767","length":529},"deprecated":false,"target":{"function":"dns_add_HTTPS_start","file":"src/dns.c"}},{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Line","id":"CVE-2023-31470-49c8b413","digest":{"threshold":0.9,"line_hashes":["241382170371060283197583662737348373921","268394413119769959651969316341731283341","309590257532024282039633984238791878026","280405627721706796216816445772441069500","252541648313301507617401436555684979247","54717255861077282450922740716153881019","45567382952575710476382746254630472778","294339842528982194421118699944437859957","306313475636853026047985297106242121089","244276304013555880355386645525839941156","300962561133503824646429150118463052158"]},"deprecated":false,"target":{"file":"src/util.c"}},{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Line","id":"CVE-2023-31470-a7387fed","digest":{"threshold":0.9,"line_hashes":["242436621917432689634126263678710259071","171997737769840085234946205156580448419","273883572508791090062942736680819502601","15684461347770907045653342493078886155","337831570853474113689584546485078743680","149099078884125531376868683738837243019","118218576298448768285027509491127044866","117574967973713412826340250479487077725","294307222102852762579063593928976431148","15231982700930121309739415791389125115","192618051883365668007899048782963695786","332349050204823870823446101647984030146","7434353030398014082408036716668599223","209473610003125851203517998407966832185","282274310934208356747384066728206997451","293917817353941682130410713843978644729","72511154505166645562637247508203601940","1249815323647990241932436725969709811","315597855468372793427326351776427679541","185447228769326067893105405059107550430","214770328058757461606798784671617728517","54113753011228220109993187857541951483","98231460787787160510159576475229163249","6941502951922231182010838164522186446","158158986231759668643960743643914160061","329725410821383967190997881096706791214","8883790196571882293248487332145701390","99405647811762234497343018120353539034","107436536018053776512446665544552182330","157304411885943439682082656583763540474","227057906616735848470529407416018375659","335148344838058010607359020527615561488","33775502251128779849449512578934633017","216142181337568567379475395082918168883","184512915804415280252584200842259530081","282492178383963727052300689313960165496","170141455759007555750780959237977494987","226684063342980192969372068326222316771","253399481465956515509827067690431983091","255609798571410525453301283684695621890","92144644094459739158713559742146870520","151443797382330957493117464426992709813","290251713395817325486614222133508376377","269833099071242175776843757976670117705","14354461176105564041851769093091643217","137634766307045756726367262319113837024","55294380615226157968122403724529949509","2518924837095110377206593488354693213","113520629202918154036452288667049515847","167674556921708638859154034141908225989","58792682466335628525056613426049159261","69718951193405978445522695134002387300","150253224547257113241004346327503610259","119672745255136024911093294384405064157","249534049721945734131640243530763872904","206013203817353240806772714138520468235","295217366866798813978120539284831447237","156709637954916424189594674055750432878","331472309295222649175965894251724635694","133318202385527811802544557006804748342","43668674395182328274175117810719793484","324112346056683059256473279357957356265","205184063631139715535048389739069943420","234389030951701291058556837983042990269","321630748339169804715526887749191641350","227768696961366997017170306240119849327","234738702191021095867188473638268547516","276948468486083991224908792656544222395","216283891559911506248485707528373146281","273589668745429817700849163570630059312","50521080654286145340369265576512643124","282260957339371591233377827989476983710"]},"deprecated":false,"target":{"file":"src/dns.c"}},{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Function","id":"CVE-2023-31470-c02f6f8a","digest":{"function_hash":"47402501447271308738697483432145837495","length":3616},"deprecated":false,"target":{"function":"_dns_debug_display","file":"src/util.c"}},{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Function","id":"CVE-2023-31470-d998aa05","digest":{"function_hash":"73860905397934245887131865301290350758","length":1482},"deprecated":false,"target":{"function":"_dns_encode_HTTPS","file":"src/dns.c"}},{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Function","id":"CVE-2023-31470-e8fc325e","digest":{"function_hash":"24456801407452923010312671941676136177","length":298},"deprecated":false,"target":{"function":"dns_add_rr_nested_memcpy","file":"src/dns.c"}},{"source":"https://github.com/pymumu/smartdns/commit/56d0332bf91104cfc877635f6c82e9348587df04","signature_version":"v1","signature_type":"Line","id":"CVE-2023-31470-f5777916","digest":{"threshold":0.9,"line_hashes":["271650015501604082981201918449662942840","77410190747481867046140665066740852349","224278159918926703332621707099272900790","32796693444213255373506832463648253670","135493299135695247351772366731603920841","58668368475773534802509196783275382556","282205146488963757813324235524523717009","252911935510293184220654857646372740507","243194980721953938189801404652405166342","30318820646937552653892063120310513542","34613184192252068540003950345180216395","312671530356303716819383196225243611451","55593267716804864379718970905006353680","93483028081201387081592708370955088327","267340466230713140335547516857558592575","222744525255572261300598791868362332818","265526031799172328413677955837421586997","3279029900774652742043446343024028796","92912805564498730712234434802194974112","138532487846352349617211720361210024040","140074488584029464757469184618489054393","268925846236506645757884867248030153235"]},"deprecated":false,"target":{"file":"src/dns.h"}}],"vanir_signatures_modified":"2026-04-12T03:51:18Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}