CVE-2008-4194

Pdnsd < 1.2.6-par - Resource Management Error

Title source: rule

Description

The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."

Exploits (3)

exploitdb WORKING POC VERIFIED

by Marc Bevand · cremotemultiple

https://www.exploit-db.com/exploits/6130

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by Julien Desfossez · pythonremotemultiple

https://www.exploit-db.com/exploits/6123

View Code ZIP pw:eip

exploitdb WORKING POC VERIFIED

by I)ruid · rubyremotemultiple

https://www.exploit-db.com/exploits/6122

View Code ZIP pw:eip

References (4)

[Various Sources] http://www.phys.uu.nl/~rombouts/pdnsd.html

[Various Sources] http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog

[Third Party Advisory, VDB Entry] https://exchange.xforce.ibmcloud.com/vulnerabilities/45594

[Third Party Advisory] http://www.vupen.com/english/advisories/2008/2582

Scores

EPSS 0.1166

EPSS Percentile 93.7%

Details

CWE

CWE-399

Status published

Products (16)

pdnsd/pdnsd 1.1.7

pdnsd/pdnsd 1.1.7a

pdnsd/pdnsd 1.1.8b1-par4

pdnsd/pdnsd 1.1.8b1-par5

pdnsd/pdnsd 1.1.8b1-par6

pdnsd/pdnsd 1.1.8b1-par7

pdnsd/pdnsd 1.1.8b1-par8

pdnsd/pdnsd 1.1.9-par

pdnsd/pdnsd 1.1.10-par

pdnsd/pdnsd 1.1.11-par

... and 6 more

Published Sep 24, 2008

Tracked Since Feb 18, 2026