14 matches found
CVE-2025-37871
CVE-2025-37871 concerns the Linux kernel, where a deadlock warning could occur in NFS delegation handling when a dl_recall queue fails. The root cause described is interaction between nfsd, nfs4_put_stid, and the delegation’s sc_count, which could deadlock during disassociation of an nfs4_delegat...
CVE-2025-39688
In the Linux kernel, the following vulnerability has been resolved: nfsd: allow SCSTATUSFREEABLE when searching via nfs4lookupstateid The pynfs DELEG8 test fails when run against nfsd. It acquires a delegation and then lets the lease time out. It then tries to use the deleg stateid and expects to...
curl: GSS delegation too eager connection re-use
A flaw was found in the Curl package. Libcurl keeps previously used connections in a connection pool for subsequent transfers to reuse if one of them matches the setup. However, the GSS delegation setting was left out from the configuration match checks, making them match too easily, affecting...
SUSE: Security Advisory (SUSE-SU-2015:0480-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
bind: delegation handling denial of service
A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash...
ISC BIND Delegation Handling Denial of Service Vulnerability
ISC BIND is prone to a denial of service vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:isc:bind"; ifdescription...
SUSE SLES10 Security Update : bind (SUSE-SU-2015:0488-1)
This bind update to version 9.6-ESV-R11-W1 fixes the following security issue : - A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow default 7, and the number of...
SUSE SLED12 / SLES12 Security Update : bind (SUSE-SU-2015:0096-1)
This update of bind to 9.9.6P1 fixes bugs and also the following security issue : A flaw in delegation handling could be exploited to put named into an infinite loop. This has been addressed by placing limits on the number of levels of recursion named will allow default 7, and the number of...
USN-2484-1 unbound vulnerability
Florian Maury discovered that Unbound incorrectly handled delegation. A remote attacker could possibly use this issue to cause Unbound to consume resources, resulting in a denial of service...
FreeBSD : bind -- denial of service vulnerability (ab3e98d9-8175-11e4-907d-d050992ecde8)
ISC reports : We have today posted updated versions of 9.9.6 and 9.10.1 to address a significant security vulnerability in DNS resolution. The flaw was discovered by Florian Maury of ANSSI, and applies to any recursive resolver that does not support a limit on the number of recursions...
ISC BIND 9.0.x < 9.9.6-P1 'named' Delegation Handling DoS
Binary data 8602.prm...
bind: delegation handling denial of service
A denial of service flaw was found in the way BIND followed DNS delegations. A remote attacker could use a specially crafted zone containing a large number of referrals which, when looked up and processed, would cause named to use excessive amounts of memory or crash...
USN-2437-1: Bind vulnerability
Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service...
USN-2437-1 bind9 vulnerability
Florian Maury discovered that Bind incorrectly handled delegation. A remote attacker could possibly use this issue to cause Bind to consume resources and crash, resulting in a denial of service...