Vulnerable applications: all adns callers.
Exploitable by: the local recursive resolver.
Likely worst case: Remote code execution.
Vulnerable applications: those that make SOA queries.
Exploitable by: upstream DNS data sources.
Likely worst case: DoS (crash of the adns-using application)
Vulnerable applications: those that use adns_qf_quoteok_query.
Exploitable by: sources of query domain names.
Likely worst case: DoS (crash of the adns-using application)
Vulnerable applications: adnshost.
Exploitable by: code responsible for framing the input.
Likely worst case: DoS (adnshost crashes at EOF).