In the glibc fork of Hesiod, we recently fixed a heap-based buffer overflow which is triggered by an invalid (zero-length) TXT record:
We did not treat this as a security vulnerability because Hesiod treats DNS data as trusted by design, so no trust boundary is crossed.
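
A bounds-checked TXT RDATA decoder that handles the zero-length case mentioned above is sketched below. This is an added example, not code from glibc or Hesiod; the function name txt_rdata_to_string and the sample bytes are constructed for illustration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper (not glibc's code): join the length-prefixed
   character-strings of a TXT RDATA field into one NUL-terminated heap
   string. Returns NULL on malformed input or allocation failure. */
char *txt_rdata_to_string(const unsigned char *rdata, size_t rdlen)
{
    /* A TXT record carries at least one character-string, so empty
       RDATA is rejected before any buffer is sized from it. */
    if (rdata == NULL || rdlen == 0)
        return NULL;

    /* Every string spends one octet on its length, so the payload is
       shorter than rdlen; the extra byte holds the terminator. */
    char *out = malloc(rdlen + 1);
    if (out == NULL)
        return NULL;

    size_t in = 0, used = 0;
    while (in < rdlen) {
        size_t n = rdata[in++];          /* length octet */
        if (n > rdlen - in) {            /* string runs past the RDATA */
            free(out);
            return NULL;
        }
        memcpy(out + used, rdata + in, n);
        used += n;
        in += n;
    }
    out[used] = '\0';                    /* always inside the allocation */
    return out;
}

int main(void)
{
    /* Constructed sample: two character-strings, "ab" and "cde". */
    const unsigned char sample[] = { 2, 'a', 'b', 3, 'c', 'd', 'e' };
    char *s = txt_rdata_to_string(sample, sizeof sample);
    printf("decoded: %s\n", s ? s : "(rejected)");
    free(s);
    /* Zero-length RDATA is rejected rather than decoded. */
    s = txt_rdata_to_string(sample, 0);
    printf("zero-length: %s\n", s ? s : "(rejected)");
    free(s);
    return 0;
}
```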