Lucene search
HistorySep 24, 2008 - 11:42 a.m.
CVE-2008-4194
cve-2008-4194
pdnsd
denial of service
remote attackers
dns
vulnerability
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
83.0%
The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a “dangling pointer bug.”
Affected configurations
Node
pdnsdpdnsdRange≤1.2.6-par
ORpdnsdpdnsdMatch1.1.7
ORpdnsdpdnsdMatch1.1.7a
ORpdnsdpdnsdMatch1.1.8b1-par4
ORpdnsdpdnsdMatch1.1.8b1-par5
ORpdnsdpdnsdMatch1.1.8b1-par6
ORpdnsdpdnsdMatch1.1.8b1-par7
ORpdnsdpdnsdMatch1.1.8b1-par8
ORpdnsdpdnsdMatch1.1.9-par
ORpdnsdpdnsdMatch1.1.10-par
ORpdnsdpdnsdMatch1.1.11-par
ORpdnsdpdnsdMatch1.1.11a-par
ORpdnsdpdnsdMatch1.2-par
ORpdnsdpdnsdMatch1.2.1_par
ORpdnsdpdnsdMatch1.2.4-par
ORpdnsdpdnsdMatch1.2.5-par
Related
prion
prion
Design/Logic Flaw
2008-09-24 11:42:00
cvelist
cvelist
CVE-2008-4194
2008-09-24 10:00:00
nvd
nvd
CVE-2008-4194
2008-09-24 11:42:25
nessus
nessus
Ubuntu 6.06 LTS / 7.04 / 7.10 / 8.04 LTS : bind9 vulnerability (USN-622-1)
2008-07-10 00:00:00
Debian DSA-1623-1 : dnsmasq - DNS cache poisoning
2008-08-01 00:00:00
GLSA-200901-03 : pdnsd: Denial of Service and cache poisoning
2009-01-12 00:00:00
gentoo
gentoo
pdnsd: Denial of Service and cache poisoning
2009-01-11 00:00:00
openvas
openvas
Gentoo Security Advisory GLSA 200901-03 (pdnsd)
2009-01-13 00:00:00
Gentoo Security Advisory GLSA 200901-03 (pdnsd)
2009-01-13 00:00:00
5 Medium
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
PARTIAL
AV:N/AC:L/Au:N/C:N/I:N/A:P
6.3 Medium
AI Score
Confidence
High
0.009 Low
EPSS
Percentile
83.0%
Related for CVE-2008-4194