CVE-2011-5055
MaraDNS 1.3.07.12 and 1.4.08 - Denial of Service via DNS Hash Collision
Title source: llmDescription
MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.
References (4)
Core 4
Core References
Patch x_refsource_confirm
http://samiam.org/blog/20111230.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=771428
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/01/03/6
Mailing List mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/01/03/13
Scores
EPSS
0.0158
EPSS Percentile
72.6%
Details
CWE
CWE-20
Status
published
Products (2)
maradns/maradns
1.3.07.012
maradns/maradns
1.4.08
Published
Jan 08, 2012
Tracked Since
Feb 18, 2026