CVE-2011-5055

MaraDNS 1.3.07.12 and 1.4.08 - Denial of Service via DNS Hash Collision

Title source: llm
STIX 2.1

Description

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

References (4)

Core 4
Core References
Patch x_refsource_confirm
http://samiam.org/blog/20111230.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=771428
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2012/01/03/6
Mailing List mailing-list x_refsource_mlist
http://openwall.com/lists/oss-security/2012/01/03/13

Scores

EPSS 0.0158
EPSS Percentile 72.6%

Details

CWE
CWE-20
Status published
Products (2)
maradns/maradns 1.3.07.012
maradns/maradns 1.4.08
Published Jan 08, 2012
Tracked Since Feb 18, 2026