-
Bug
-
Resolution: Unresolved
-
Undefined
-
None
-
rhel-9.3.0
-
None
-
None
-
rhel-net-perf
-
ssg_core_services
-
4
-
False
-
False
-
-
None
-
None
-
None
-
None
-
None
What were you trying to do that didn't work?
Error: SNYK_CODE_WARNING (CWE-125):
dnsmasq-2.85/src/cache.c:1730:17: error[cpp/NegativeIndex]: The value from sprintf, a standard library function that can return a negative value is used as an index. A negative array index can lead to reading or writing outside the bounds of the array. Ensure the value of the index used is within bounds before use.
# 1728| {
# 1729| int targetlen = cache->addr.srv.targetlen;
# 1730|-> ssize_t len = sprintf(a, ""%u %u %u "", cache->addr.srv.priority,
# 1731| cache->addr.srv.weight, cache->addr.srv.srvport);
# 1732|
Please provide the package NVR for which bug is seen:
dnsmasq-2.85-14.el9
How reproducible:
Steps to reproduce
Expected results
Used just during cache dump. Trivial format on preallocated buffer is unlikely to fail. Should be fixed, but not likely attack vector