CVE-2017-14339

Published: 20/09/2017 Updated: 03/10/2019
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Vulnerability Summary

The DNS packet parser in YADIFA prior to 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
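A bounded name-expansion routine of the kind the summary says was missing, as an added example (not YADIFA's code and not its actual fix). The function name, the jump cap of 64 and the policy of rejecting forward pointers are assumptions of this example; the sample messages are constructed.

```c
#include <stddef.h>
#include <stdint.h>
#include <string.h>

#define DNS_MAX_NAME  255  /* RFC 1035 limit on an encoded name */
#define DNS_MAX_JUMPS 64   /* cap chosen for this example */

/* Expand the name at msg[off] into dotted text in out.
 * Returns the bytes the name occupies at off, or -1 if malformed. */
int dns_name_expand(const uint8_t *msg, size_t len, size_t off,
                    char *out, size_t out_len)
{
    size_t pos = off, o = 0, wire = 1;   /* wire counts the root byte */
    int jumps = 0, consumed = -1;

    if (out_len < 2) return -1;
    for (;;) {
        if (pos >= len) return -1;
        uint8_t b = msg[pos];
        if ((b & 0xC0) == 0xC0) {                  /* compression pointer */
            if (pos + 1 >= len) return -1;
            size_t target = ((size_t)(b & 0x3F) << 8) | msg[pos + 1];
            if (consumed < 0) consumed = (int)(pos + 2 - off);
            /* reject self/forward pointers and over-long pointer chains */
            if (target >= pos || ++jumps > DNS_MAX_JUMPS) return -1;
            pos = target;
        } else if (b & 0xC0) {
            return -1;                             /* reserved label type */
        } else if (b == 0) {                       /* root label: done */
            if (o == 0) out[o++] = '.';
            out[o] = '\0';
            return consumed < 0 ? (int)(pos + 1 - off) : consumed;
        } else {
            /* the 255-byte cap also ends loops that pass through labels */
            wire += (size_t)b + 1;
            if (pos + 1 + b > len || wire > DNS_MAX_NAME) return -1;
            if (o + b + 2 > out_len) return -1;
            memcpy(out + o, msg + pos + 1, b);
            o += b;
            out[o++] = '.';
            pos += (size_t)b + 1;
        }
    }
}

/* Constructed samples: a self-pointer, a label/pointer cycle, a valid name. */
const uint8_t self_ptr[] = { 0xC0, 0x00 };
const uint8_t cycle[]    = { 0x01, 'a', 0xC0, 0x00 };
const uint8_t valid[]    = { 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
                             3,'w','w','w', 0xC0, 0x00 };
```

Both malformed samples return -1 after a bounded amount of work, while the compressed name at offset 13 of `valid` expands normally.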

Vulnerable Product

yadifa yadifa

Vendor Advisories

Debian Bug report logs - #876315 CVE-2017-14339 Package: src:yadifa; Maintainer for src:yadifa is Debian DNS Packaging <pkg-dns-devel@lists.alioth.debian.org>; Reported by: Moritz Muehlenhoff <jmm@debian.org> Date: Wed, 20 Sep 2017 21:27:01 UTC Severity: grave Tags: fixed-upstream, security, upstream Found in versio ...
It was discovered that YADIFA, an authoritative DNS server, did not sufficiently check its input. This allowed a remote attacker to cause a denial-of-service by forcing the daemon to enter an infinite loop. For the stable distribution (stretch), this problem has been fixed in version 2.2.3-1+deb9u1. We recommend that you upgrade your yadifa package ...