Denial of Service Vulnerability in Deadwood and MaraDNS
CVE-2014-2032

5.9MEDIUM

Key Information:

Vendor

Maradns Project

Status
Maradns
Vendor
CVE Published:
20 March 2018

What is CVE-2014-2032?

Deadwood and associated versions of MaraDNS are vulnerable to a denial of service attack due to improper input validation, enabling remote attackers to exploit recursive query permissions. This inadequacy can result in out-of-bounds read conditions, causing the system to crash and rendering the affected services unavailable.

References

http://www.securityfocus.com/bid/65595
vdb-entryx_refsource_BID
http://www.openwall.com/lists/oss-security/2014/02/19/15
mailing-listx_refsource_MLIST
https://bugzilla.redhat.com/show_bug.cgi?id=1066609
x_refsource_CONFIRM

CVSS V3.1

Score:
5.9
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
None
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.