CVE-2007-3115Missing Release of Memory after Effective Lifetime in Maradns

CWE-39912 documents4 sources
Severity
7.8HIGHNVD
NVD5.0OSV5.0
EPSS
2.5%
top 14.68%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
MaradnsDebian Maradns
Timeline
PublishedJun 7
Latest updateMay 1

Description

Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via (1) reverse lookups or (2) requests for records in a class other than Internet (IN), a different set of affected versions than CVE-2007-3114 and CVE-2007-3116.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

debiandebian/maradns< maradns 1.2.12.05-1 (bullseye)+1
Debianmaradns/maradns< 1.2.12.05-1+1
NVDmaradns/maradns11 versions+10

Patches

Patch: secunia.comPatch: www.securityfocus.comPatch: secunia.com

🔴Vulnerability Details

6
GHSA
GHSA-rq22-m835-836h: Memory leak in server/MaraDNS2022-05-01
GHSA
GHSA-jxgf-rqvh-c65h: Multiple memory leaks in server/MaraDNS2022-05-01
GHSA
GHSA-32vj-x8fv-x955: Memory leak in server/MaraDNS2022-05-01
OSV
CVE-2007-3114: Memory leak in server/MaraDNS2007-06-07
OSV
CVE-2007-3116: Memory leak in server/MaraDNS2007-06-07

📋Vendor Advisories

3
Debian
CVE-2007-3114: maradns - Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1....2007
Debian
CVE-2007-3116: maradns - Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote at...2007
Debian
CVE-2007-3115: maradns - Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x...2007
CVE-2007-3115 — Debian Maradns vulnerability | cvebase