Source: dmitry
X-Debbugs-CC: t...@security.debian.org
Severity: important
Tags: security

Hi,

The following vulnerabilities were published for dmitry.

CVE-2017-7938[0]:
| Stack-based buffer overflow in DMitry (Deepmagic Information
| Gathering Tool) version 1.3a (Unix) allows attackers to cause a
| denial of service (application crash) or possibly have unspecified
| other impact via a long argument. An example threat model is
| automated execution of DMitry with hostname strings found in local
| log files.

https://packetstormsecurity.com/files/142210/Dmitry-1.3a-Local-Stack-Buffer-Overflow.html
https://github.com/jaygreig86/dmitry/pull/12

CVE-2020-14931[1]:
| A stack-based buffer overflow in DMitry (Deepmagic Information
| Gathering Tool) 1.3a might allow remote WHOIS servers to execute
| arbitrary code via a long line in a response that is mishandled by
| nic_format_buff.

https://github.com/jaygreig86/dmitry/issues/4
https://github.com/jaygreig86/dmitry/pull/6
Fixed by: https://github.com/jaygreig86/dmitry/commit/da1fda491145719ae15dd36dd37a69bdbba0b192

CVE-2024-31837[2]:
| DMitry (Deepmagic Information Gathering Tool) 1.3a has a format-
| string vulnerability, with a threat model similar to CVE-2017-7938.

https://github.com/jaygreig86/dmitry/pull/12

If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2017-7938
    https://www.cve.org/CVERecord?id=CVE-2017-7938
[1] https://security-tracker.debian.org/tracker/CVE-2020-14931
    https://www.cve.org/CVERecord?id=CVE-2020-14931
[2] https://security-tracker.debian.org/tracker/CVE-2024-31837
    https://www.cve.org/CVERecord?id=CVE-2024-31837

Please adjust the affected versions in the BTS as needed.
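
Added example (not part of the original report and not DMitry's code): bounded handling in C for the three bug classes listed above, namely a long hostname argument, a long line in a server response, and untrusted text reaching a format string. The function names, buffer sizes and sample response are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define HOST_CAP 256  /* assumed cap; DNS names in text form fit in 253 bytes */
#define LINE_CAP 128  /* assumed size of the per-line stack buffer */

/* Copy a hostname taken from argv or a log file into a fixed buffer.
 * Over-long input is rejected, never copied. Returns 0 on success, -1 otherwise. */
int copy_host(char *dst, size_t cap, const char *arg)
{
    const char *end = memchr(arg, '\0', cap);  /* look for NUL within cap bytes */
    if (end == NULL)
        return -1;
    memcpy(dst, arg, (size_t)(end - arg) + 1);
    return 0;
}

/* Print an untrusted server response line by line through a fixed stack
 * buffer. Over-long lines are truncated to fit. Returns how many were cut. */
int format_response(const char *resp, size_t len, FILE *out)
{
    char line[LINE_CAP];
    int truncated = 0;
    size_t i = 0;
    while (i < len) {
        const char *nl = memchr(resp + i, '\n', len - i);
        size_t n = nl ? (size_t)(nl - (resp + i)) : len - i;
        size_t keep = n < sizeof line - 1 ? n : sizeof line - 1;
        if (keep < n)
            truncated++;
        memcpy(line, resp + i, keep);
        line[keep] = '\0';
        fprintf(out, "%s\n", line);  /* constant format; data is only an argument */
        i += n + (nl ? 1 : 0);
    }
    return truncated;
}

int main(int argc, char **argv)
{
    char host[HOST_CAP];
    const char resp[] = "Domain: example.org\nRegistrar: %n%s%x\n";  /* constructed */
    if (argc > 1 && copy_host(host, sizeof host, argv[1]) != 0) {
        fputs("hostname too long\n", stderr);
        return 1;
    }
    return format_response(resp, sizeof resp - 1, stdout) ? 1 : 0;
}
```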