MEDIUM
BitWizard
CVE published 2026-07-10
CVE-2026-14461
The mtr package is vulnerable to an out-of-bound read issue in the ipinfo_lookup() function. An attacker can influence the TXT response used for AS lookups to trigger this bug by returning a DNS response larger than 512 bytes with a crafted compression pointer in the answer NAME field. The ipinfo_lookup() function uses the response length as the end-of-message boundary for the dn_expand() function, result [truncated]