CVE-2017-14339

HIGH

YADIFA <2.2.6 - DoS

Title source: llm

Description

The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.

Exploits (1)

github WORKING POC 11 stars

by X-C3LL · pythonpoc

https://github.com/X-C3LL/PoC-CVEs/tree/master/CVE-2017-14339

View Code ZIP pw:eip

References (3)

[Third Party Advisory] https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog

View Writeup ZIP pw:eip

[Exploit, Technical Description, Third Party Advisory] https://www.tarlogic.com/blog/fuzzing-yadifa-dns/

[Third Party Advisory] http://www.debian.org/security/2017/dsa-4001

Scores

CVSS v3 7.5

EPSS 0.0083

EPSS Percentile 74.6%

Attack Vector NETWORK

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE

CWE-835

Status published

Products (1)

yadifa/yadifa < 2.2.5

Published Sep 20, 2017

Tracked Since Feb 18, 2026