vulnerability

Ubuntu: USN-3491-1 (CVE-2017-1000231): ldns vulnerabilities

Try Surface Command

Back to search

Severity	CVSS	Published	Added	Modified
8	(AV:N/AC:L/Au:N/C:P/I:P/A:P)	Nov 16, 2017	Nov 23, 2017	Aug 18, 2025

Severity

CVSS

(AV:N/AC:L/Au:N/C:P/I:P/A:P)

Published

Nov 16, 2017

Added

Nov 23, 2017

Modified

Aug 18, 2025

Description

Leon Weber discovered that the ldns-keygen tool incorrectly set permissions
on private keys. A local attacker could possibly use this issue to obtain
generated private keys. This issue only applied to Ubuntu 14.04 LTS.
(CVE-2014-3209)

Stephan Zeisberg discovered that ldns incorrectly handled memory when
processing data. A remote attacker could use this issue to cause ldns to
crash, resulting in a denial of service, or possibly execute arbitrary
code. (CVE-2017-1000231, CVE-2017-1000232)

Solutions

ubuntu-upgrade-libldns1ubuntu-upgrade-libldns2

References

CVE-2017-100023
https://attackerkb.com/topics/CVE-2017-100023
CWE-415
NVD-CVE-2017-1000231
UBUNTU-USN-3491-1

NEW

Explore Exposure Command

Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.

Try it today