Denial of Service Vulnerability in Deadwood and MaraDNS
CVE-2014-2031

5.9MEDIUM

Key Information:

Vendor

Maradns Project

Status
Maradns
Vendor
CVE Published:
20 March 2018

What is CVE-2014-2031?

A vulnerability exists in Deadwood and MaraDNS versions prior to specified updates, enabling remote attackers to create a denial of service condition. This flaw results from incorrect bounds checking on certain strings, which can lead to an out-of-bounds read and subsequent crashes when the attacker exploits recursive query capabilities. As a result, systems running these versions may become unavailable, disrupting services.

References

http://www.openwall.com/lists/oss-security/2014/02/19/15
mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1066609
x_refsource_CONFIRM
https://exchange.xforce.ibmcloud.com/vulnerabilities/91203
vdb-entryx_refsource_XF

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.