2020-12-11 22:36:31
mitre
PUBLISHED
An issue was discovered in FNET through 4.6.4. The code for processing the hostname from an LLMNR request doesnt check for 0 termination. Therefore, the deduced length of the hostname doesnt reflect the correct length of the actual data. This may lead to Information Disclosure in _fnet_llmnr_poll in fnet_llmnr.c during a response to a malicious request of the DNS class IN.