CVE-2017-14339
Published: 20 September 2017
The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.
Priority
Status
Package | Release | Status |
---|---|---|
yadifa Launchpad, Ubuntu, Debian |
groovy |
Not vulnerable
(2.3.7-1build1)
|
hirsute |
Not vulnerable
(2.3.7-1build1)
|
|
kinetic |
Not vulnerable
(2.3.7-1build1)
|
|
lunar |
Not vulnerable
(2.3.7-1build1)
|
|
artful |
Ignored
(end of life)
|
|
bionic |
Not vulnerable
(2.3.7-1build1)
|
|
cosmic |
Not vulnerable
(2.3.7-1build1)
|
|
disco |
Not vulnerable
(2.3.7-1build1)
|
|
eoan |
Not vulnerable
(2.3.7-1build1)
|
|
focal |
Not vulnerable
(2.3.7-1build1)
|
|
impish |
Not vulnerable
(2.3.7-1build1)
|
|
jammy |
Not vulnerable
(2.3.7-1build1)
|
|
trusty |
Does not exist
|
|
upstream |
Released
(2.2.3-1+deb9u1, 2.2.6-1)
|
|
xenial |
Needed
|
|
zesty |
Released
(2.2.3-1+deb9u1build0.17.04.1)
|
|
mantic |
Not vulnerable
(2.3.7-1build1)
|
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.5 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | None |
Integrity impact | None |
Availability impact | High |
Vector | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |