CVE-2012-0024
MaraDNS < 1.3.07.12 and 1.4.x < 1.4.08 - Denial of Service via DNS Query Hash Collisions
Title source: llmDescription
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.
References (4)
Core 4
Core References
Patch, Third Party Advisory x_refsource_confirm
http://samiam.org/blog/20111229.html
Issue Tracking, Third Party Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=771428
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/01/03/6
Mailing List, Third Party Advisory mailing-list
x_refsource_mlist
http://openwall.com/lists/oss-security/2012/01/03/13
Scores
EPSS
0.0289
EPSS Percentile
85.1%
Details
CWE
CWE-400
Status
published
Products (1)
maradns/maradns
< 1.3.07.12
Published
Jan 08, 2012
Tracked Since
Feb 18, 2026