{"id":"GHSA-9jcx-pr2f-qvq5","summary":"miekg/dns parsing error leads to nil pointer dereference and DoS","details":"An issue was discovered in `setTA` in `scan_rr.go` in the Miek Gieben DNS library before 1.0.10 for Go. A `dns.ParseZone()` parsing error causes a segmentation violation, leading to denial of service.","aliases":["CVE-2018-17419","GO-2020-0028"],"modified":"2024-05-20T19:40:31Z","published":"2021-05-18T18:34:25Z","database_specific":{"severity":"HIGH","github_reviewed":true,"cwe_ids":["CWE-400"],"github_reviewed_at":"2021-05-11T00:44:23Z","nvd_published_at":null},"references":[{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2018-17419"},{"type":"WEB","url":"https://github.com/miekg/dns/issues/742"},{"type":"WEB","url":"https://github.com/miekg/dns/pull/745/commits/f71d7d9d77d439b30a5e50900df5b1f988a50e5e"},{"type":"WEB","url":"https://github.com/miekg/dns/commit/501e858f679edecd4a38a86317ce50271014a80d"},{"type":"PACKAGE","url":"https://github.com/miekg/dns"},{"type":"WEB","url":"https://pkg.go.dev/vuln/GO-2020-0028"}],"affected":[{"package":{"name":"github.com/miekg/dns","ecosystem":"Go","purl":"pkg:golang/github.com/miekg/dns"},"ranges":[{"type":"SEMVER","events":[{"introduced":"0"},{"fixed":"1.0.10"}]}],"database_specific":{"source":"https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2021/05/GHSA-9jcx-pr2f-qvq5/GHSA-9jcx-pr2f-qvq5.json"}}],"schema_version":"1.7.3","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}