Vulnerability Description
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Yadifa | Yadifa | <= 2.2.5 |
Related Weaknesses (CWE)
References
- http://www.debian.org/security/2017/dsa-4001
- https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLogThird Party Advisory
- https://www.tarlogic.com/blog/fuzzing-yadifa-dns/ExploitTechnical DescriptionThird Party Advisory
- http://www.debian.org/security/2017/dsa-4001
- https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLogThird Party Advisory
- https://www.tarlogic.com/blog/fuzzing-yadifa-dns/ExploitTechnical DescriptionThird Party Advisory
FAQ
What is CVE-2017-14339?
CVE-2017-14339 is a vulnerability with a CVSS score of 7.5 (HIGH). The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and...
How severe is CVE-2017-14339?
CVE-2017-14339 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2017-14339?
Check the references section above for vendor advisories and patch information. Affected products include: Yadifa Yadifa.