Remotely exploitable vulnerability in GNU adns library

Seven vulnerabilities have been found in adns, the library developed by the GNU project for performing DNS queries. Four of them (CVE-2017-9103, CVE-2017-9104, CVE-2017-9105, CVE-2017-9109) can be used to launch a remote code execution attack on the system. The remaining three vulnerabilities result in a denial of service by causing an application using adns to crash.

The adns package includes a C library and a set of utilities for performing DNS queries in asynchronous mode or using an event-driven model. The issues are fixed in releases 1.5.2 and 1.6.0. The vulnerabilities allow an attack on applications that call adns functions when a recursive DNS server returns a specially crafted response or specially crafted SOA / RP fields.

Source: opennet.ru
