Vulnerability Description
The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Pdnsd | Pdnsd | <= 1.2.6-par |
Related Weaknesses (CWE)
References
- http://www.phys.uu.nl/~rombouts/pdnsd.html
- http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
- http://www.vupen.com/english/advisories/2008/2582
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45594
- http://www.phys.uu.nl/~rombouts/pdnsd.html
- http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
- http://www.vupen.com/english/advisories/2008/2582
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45594
FAQ
What is CVE-2008-4194?
CVE-2008-4194 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section,...
How severe is CVE-2008-4194?
CVE-2008-4194 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2008-4194?
Check the references section above for vendor advisories and patch information. Affected products include: Pdnsd Pdnsd.