View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-9108 severity important: SUSE including 23 source package names (24.164:libadns1-1.4-103.3.1, 26.196:libadns1-1.4-103.3.1, …), 65 product×package rows across 53 product lines (Container caasp/v4/nginx-ingress-controller, Container suse/ltss/sle12.5/sles12sp5, … (53 product lines)): Fixed 65.
An issue was discovered in adns before 1.5.2. adnshost mishandles a missing final newline on a stdin read. It is wrong to increment used as well as setting r, since used is incremented according to r, later. Rather one should be doing what read() would have done. Without this fix, adnshost may read and process one byte beyond the buffer, perhaps crashing or perhaps somehow leaking the value of that byte.