CVE-2017-14339

HIGH

YADIFA < 2.2.6 - Denial of Service via DNS Packet Parser Infinite Loop

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2017-14339. PoCs published by X-C3LL.

AI-analyzed exploit summary This PoC exploits a DoS vulnerability in Yadifa DNS server by sending a malformed UDP packet that triggers an infinite loop due to a self-reference. The exploit is a simple Python script that sends a hex-encoded payload to the target server.

Description

The DNS packet parser in YADIFA before 2.2.6 does not check for the presence of infinite pointer loops, and thus it is possible to force it to enter an infinite loop. This can cause high CPU usage and makes the server unresponsive.

Exploits (1)

github WORKING POC 11 stars
by X-C3LL · pythonpoc
https://github.com/X-C3LL/PoC-CVEs/tree/master/CVE-2017-14339

This PoC exploits a DoS vulnerability in Yadifa DNS server by sending a malformed UDP packet that triggers an infinite loop due to a self-reference. The exploit is a simple Python script that sends a hex-encoded payload to the target server.

Classification
Working Poc 95%
Attack Type
Dos
Complexity
Trivial
Reliability
Reliable
Target: Yadifa DNS server
No auth needed
Prerequisites: network access to the target server · UDP port 53 (or custom port) accessible
devstral-2 · analyzed Feb 27, 2026 Full analysis →

References (3)

Core 3
Core References
Exploit, Technical Description, Third Party Advisory x_refsource_misc
https://www.tarlogic.com/blog/fuzzing-yadifa-dns/
Third Party Advisory vendor-advisory x_refsource_debian
http://www.debian.org/security/2017/dsa-4001

Scores

CVSS v3 7.5
EPSS 0.0253
EPSS Percentile 82.8%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Details

CWE
CWE-835
Status published
Products (1)
yadifa/yadifa < 2.2.5
Published Sep 20, 2017
Tracked Since Feb 18, 2026