GHSA-9663-MQMP-P9MM python-zeroconf: Unbounded TC-deferred queue allows LAN-local memory exhaustion via spoofed-source flood

Impact AsyncListener.handlequeryordefer retained every truncated TC-bit incoming query in self.deferredaddr and armed a per-addr timer in self.timersaddr that flushed the reassembled query within 500 ms RFC 6762 §18.5. Neither the per-addr list nor the number of distinct addr keys was capped, and...

unbound: DNSBomb vulnerability

A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the...

unbound: DNSBomb vulnerability

A DNSBomb flaw was found in the unbound package. The DNSBomb attack works by sending low-rate spoofed queries for a malicious zone to Unbound. By controlling the delay of the malicious authoritative answers, Unbound slowly accumulates pending answers for the spoofed addresses. When the...

Exploit for Improperly Implemented Security Check for Standard in Thekelleys Dnsmasq

This is a PoC exploit for CVE-2020-25686, CVE-2020-25684, and CVE-2020-25685, which are related to a DNS cache poisoning vulnerability in the dnsmasq service. The exploit is designed to demonstrate the vulnerability and is not intended for malicious use. The exploit uses a Python script to send...

CVE-2013-0198

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix...

CVE-2013-0198

Dnsmasq before 2.66test2, when used with certain libvirt configurations, replies to queries from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via spoofed TCP based DNS queries. NOTE: this vulnerability exists because of an incomplete fix...

libvirt+dnsmasq: DNS configured to answer DNS queries from non-virtual networks

Dnsmasq before 2.63test1, when used with certain libvirt configurations, replies to requests from prohibited interfaces, which allows remote attackers to cause a denial of service traffic amplification via a spoofed DNS query...

DEBIAN-CVE-2006-0987

The default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service traffic amplification via DNS queries with...

DNS_DoS.txt

Subject: Possible Denial Of Service using DNS To: [email protected] SPJ-002-000: .::::::::+ s0ftpr0ject 99 +::::::::. ::::+ Digital Security for Y2K +:::: :::'""""'""""'""""'""""'""'""::: ::'.gS$"$Sn. .gS$"$Sn. Sn.:: :: $$$$$ $$$$$ $$$$$ $$$$$ $$$$ :: :: $$$$$ $$$$$ $$$$$ $$$$ :: ::...