Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

Maradns Security Vulnerabilities

cve
cve

CVE-2023-31137

MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer underflow vulnerability in the DNS packet decompression function allows an attacker to cause a Denial of Service by triggering an abnormal program...

7.5CVSS

7.3AI Score

0.001EPSS

2023-05-09 02:15 PM
12
cve
cve

CVE-2022-30256

An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain name can still be resolvable for a long time, including expired domains and taken-down malicious domains. The effects of an exploit would be widespread and...

7.5CVSS

7.2AI Score

0.002EPSS

2022-11-19 12:15 AM
36
3
cve
cve

CVE-2014-2032

Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input...

5.9CVSS

5.6AI Score

0.007EPSS

2018-03-20 09:29 PM
21
cve
cve

CVE-2014-2031

Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic...

5.9CVSS

5.6AI Score

0.007EPSS

2018-03-20 09:29 PM
21
cve
cve

CVE-2012-1570

The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain...

6.7AI Score

0.005EPSS

2012-03-28 10:55 AM
22
cve
cve

CVE-2012-0024

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD)...

6.5AI Score

0.002EPSS

2012-01-08 12:55 AM
24
cve
cve

CVE-2011-5056

The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability...

6AI Score

0.0004EPSS

2012-01-08 12:55 AM
17
cve
cve

CVE-2011-5055

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. ...

6.6AI Score

0.005EPSS

2012-01-08 12:55 AM
16
cve
cve

CVE-2011-0520

The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a...

7.6AI Score

0.131EPSS

2011-01-28 04:00 PM
27
cve
cve

CVE-2010-2444

parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone...

6.7AI Score

0.002EPSS

2010-06-25 06:30 PM
17
cve
cve

CVE-2008-0061

MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource...

6.3AI Score

0.057EPSS

2008-01-03 10:46 PM
29
cve
cve

CVE-2007-3115

Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via (1) reverse lookups or (2) requests for records in a class other than Internet (IN), a different set of affected versions...

6.5AI Score

0.048EPSS

2007-06-07 09:30 PM
27
cve
cve

CVE-2007-3114

Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1.3.03, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3115 and...

6.5AI Score

0.036EPSS

2007-06-07 09:30 PM
24
cve
cve

CVE-2007-3116

Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3114 and...

6.5AI Score

0.013EPSS

2007-06-07 09:30 PM
24
cve
cve

CVE-2004-0789

Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before firmware 3.13, and (3) Men & Mice Suite 2.2x before 2.2.3 and 3.5.x before 3.5.2, allow remote attackers to cause a denial of service (CPU and network...

7.1AI Score

0.023EPSS

2004-12-31 05:00 AM
74
cve
cve

CVE-2002-2097

The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS...

7AI Score

0.013EPSS

2002-12-31 05:00 AM
21