Lucene search

Ubuntu.comUB:CVE-2017-14339

HistorySep 20, 2017 - 12:00 a.m.

CVE-2017-14339

2017-09-2000:00:00

ubuntu.com

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.9%

JSON

The DNS packet parser in YADIFA before 2.2.6 does not check for the
presence of infinite pointer loops, and thus it is possible to force it to
enter an infinite loop. This can cause high CPU usage and makes the server
unresponsive.

Bugs

<http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=876315>

OSVersionArchitecturePackageVersionFilename
ubuntu16.04noarchyadifa< anyUNKNOWN
ubuntu17.04noarchyadifa< 2.2.3-1+deb9u1build0.17.04.1UNKNOWN

OS	Version	Architecture	Package	Version	Filename
ubuntu	16.04	noarch	yadifa	< any	UNKNOWN
ubuntu	17.04	noarch	yadifa	< 2.2.3-1+deb9u1build0.17.04.1	UNKNOWN

References

github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog

launchpad.net/bugs/cve/CVE-2017-14339

nvd.nist.gov/vuln/detail/CVE-2017-14339

security-tracker.debian.org/tracker/CVE-2017-14339

www.cve.org/CVERecord?id=CVE-2017-14339

www.tarlogic.com/blog/fuzzing-yadifa-dns/

CVSS2

7.8

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

COMPLETE

AV:N/AC:L/Au:N/C:N/I:N/A:C

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS

0.004

Percentile

72.9%

JSON

Related for UB:CVE-2017-14339