CVE-2017-14339

The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
Configurations

Configuration 1 (hide)

cpe:2.3:a:yadifa:yadifa:*:*:*:*:*:*:*:*

History

21 Nov 2024, 03:12

Type Values Removed Values Added
References () http://www.debian.org/security/2017/dsa-4001 - () http://www.debian.org/security/2017/dsa-4001 -
References () https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog - Third Party Advisory () https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog - Third Party Advisory
References () https://www.tarlogic.com/blog/fuzzing-yadifa-dns/ - Exploit, Technical Description, Third Party Advisory () https://www.tarlogic.com/blog/fuzzing-yadifa-dns/ - Exploit, Technical Description, Third Party Advisory

Information

Published : 2017-09-20 16:29

Updated : 2024-11-21 03:12


NVD link : CVE-2017-14339

Mitre link : CVE-2017-14339

CVE.ORG link : CVE-2017-14339


JSON object : View

Products Affected

yadifa

  • yadifa
CWE
CWE-835

Loop with Unreachable Exit Condition ('Infinite Loop')