CVE-2011-5055 — Improper Input Validation in Maradns

CWE-20 — Improper Input Validation5 documents5 sources

Severity

5.0MEDIUMNVD

EPSS

0.6%

top 30.38%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Maradns Debian Maradns

Timeline

PublishedJan 8

Latest updateMay 17

Description

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages3 packages

▶debiandebian/maradns< maradns 1.4.09-1 (bullseye)

▶Debianmaradns/maradns< 1.4.09-1

▶NVDmaradns/maradns1.3.07.012, 1.4.08+1

Patches

Patch: samiam.org ↗Patch: samiam.org ↗

🔴Vulnerability Details

GHSA

GHSA-cm5j-hcw6-754p: MaraDNS 1↗2022-05-17

▶

OSV

CVE-2011-5055: MaraDNS 1↗2012-01-08

▶

📋Vendor Advisories

Debian

CVE-2011-5055: maradns - MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly ...↗2011

▶

💬Community

Bugzilla

CVE-2011-5056 CVE-2012-0024 maradns: hash table collisions CPU usage DoS↗2012-01-03

▶