Upstream information
Description
mtr is vulnerable to Out-of-bound read vulnerability in ipinfo_lookup() function. An attacker who can influence the TXT response used for AS lookups can trigger this bug by returning a DNS response that is larger than 512 bytes and uses a crafted compression pointer in the answer NAME field. ipinfo_lookup() function uses the length of the response as the end-of-message boundary for dn_expand() function. The result is a reliable crash.This issue exists in the mtr through version 0.96 and it was fixed in commit 48e1794414d338ce47abc0f27c25ade8788af9c3.
Other Security Trackers
SUSE information
Overall state of this security issue: Does not affect SUSE products
This issue is currently rated as having moderate severity.
| CVSS detail | SUSE |
|---|---|
| Base Score | 4.3 |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L |
| Attack Vector | Network |
| Attack Complexity | Low |
| Privileges Required | None |
| User Interaction | Required |
| Scope | Unchanged |
| Confidentiality Impact | None |
| Integrity Impact | None |
| Availability Impact | Low |
| CVSSv3 Version | 3.1 |
| CVSS detail | CNA (cvd@cert.pl) |
|---|---|
| Base Score | 5.1 |
| Vector | CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X |
| Attack Vector | Network |
| Attack Complexity | Low |
| Attack Requirements | None |
| Privileges Required | None |
| User Interaction | Active |
| Vulnerable System Confidentiality Impact | None |
| Vulnerable System Integrity Impact | None |
| Vulnerable System Availability Impact | Low |
| Subsequent System Confidentiality Impact | None |
| Subsequent System Integrity Impact | None |
| Subsequent System Availability Impact | None |
| CVSSv4 Version | 4.0 |
SUSE Timeline for this CVE
CVE page created: Fri Jul 10 16:24:45 2026CVE page last modified: Fri Jul 10 17:30:44 2026