net: LookupAddr may return a list of malicious domain names in the returned PTR records #8929

Closed
mikioh opened this issue Oct 14, 2014 · 2 comments

Comments


mikioh commented Oct 14, 2014

See http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2014-3671,
http://packetstorm.sigterm.no/1410-exploits/dnsbash-exec.txt.

@gopherbot

Comment 1:

CL https://golang.org/cl/157020043 mentions this issue.

@bradfitz bradfitz removed the new label Dec 18, 2014
@mikioh mikioh added the v2 A language change or incompatible library change label Feb 4, 2015

rsc commented Apr 10, 2015

I don't believe it is the Go standard library's job to defend against bugs in bash, even in Go 2.

@rsc rsc closed this as completed Apr 10, 2015
@bradfitz bradfitz removed the v2 A language change or incompatible library change label Apr 11, 2015
@golang golang locked and limited conversation to collaborators Jun 25, 2016
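
The issue was closed with the position that this is not the standard library's job, so a program that passes PTR names on to a shell, an environment variable or a log has to check them itself. The following is an added example, not code from the Go project or from this thread: `validPTRName`, `strictLookup` and the strict letters-digits-hyphen policy are assumptions of this sketch, and the sample names are constructed.

```go
package main

import (
	"fmt"
	"strings"
)

// validPTRName accepts only letters, digits and hyphens in labels of 1-63 bytes (253 total).
func validPTRName(name string) bool {
	name = strings.TrimSuffix(name, ".") // PTR answers are usually fully qualified
	if len(name) == 0 || len(name) > 253 {
		return false
	}
	for _, label := range strings.Split(name, ".") {
		if len(label) == 0 || len(label) > 63 || label[0] == '-' || label[len(label)-1] == '-' {
			return false
		}
		for i := 0; i < len(label); i++ {
			c := label[i]
			alnum := c >= 'a' && c <= 'z' || c >= 'A' && c <= 'Z' || c >= '0' && c <= '9'
			if !alnum && c != '-' {
				return false // spaces, quotes, ';', '$', '(' etc. never belong in a hostname
			}
		}
	}
	return true
}

// strictLookup calls lookup (pass net.LookupAddr in production) and splits the PTR names.
func strictLookup(lookup func(string) ([]string, error), addr string) (ok, rejected []string, err error) {
	names, err := lookup(addr)
	for _, n := range names {
		if validPTRName(n) {
			ok = append(ok, n)
		} else {
			rejected = append(rejected, n) // keep for alerting; quote with %q when logging
		}
	}
	return ok, rejected, err
}

func main() {
	// Constructed stub resolver so the example runs offline.
	stub := func(string) ([]string, error) {
		return []string{"mail.example.net.", "x;$(y).example.net."}, nil
	}
	ok, rejected, _ := strictLookup(stub, "192.0.2.10")
	fmt.Printf("accepted=%q rejected=%q\n", ok, rejected)
}
```

The policy is deliberately stricter than what DNS itself permits (for example, it rejects underscores), so relax it only for names that are never handed to an interpreter.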