CVE-2012-0024 — Uncontrolled Resource Consumption in Maradns

CWE-400 — Uncontrolled Resource Consumption CWE-20 — Improper Input Validation13 documents5 sources

Severity

7.8HIGHNVD

NVD5.0NVD2.1OSV5.0

EPSS

0.8%

top 26.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Maradns Debian Maradns

Timeline

PublishedJan 8

Latest updateMay 17

Description

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

▶debiandebian/maradns< maradns 1.4.09-1 (bullseye)+1

▶NVDmaradns/maradns1.4.0 — 1.4.08+4

▶Debianmaradns/maradns< 1.4.09-1

Patches

Patch: samiam.org ↗Patch: samiam.org ↗

🔴Vulnerability Details

GHSA

GHSA-cm5j-hcw6-754p: MaraDNS 1↗2022-05-17

▶

GHSA

GHSA-p696-w4f9-fqc3: The authoritative server in MaraDNS through 2↗2022-05-13

▶

GHSA

GHSA-34xr-8rpc-3j54: MaraDNS before 1↗2022-05-04

▶

OSV

CVE-2011-5055: MaraDNS 1↗2012-01-08

▶

OSV

CVE-2012-0024: MaraDNS before 1↗2012-01-08

▶

📋Vendor Advisories

Debian

CVE-2012-0024: maradns - MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS da...↗2012

▶

Debian

CVE-2011-5056: maradns - The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS ...↗2011

▶

Debian

CVE-2011-5055: maradns - MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly ...↗2011

▶

💬Community

Bugzilla

CVE-2012-2353 moodle: Upstream 2.2.3, 2.1.6, 2.0.9 and 1.9.18 fixes↗2012-05-23

▶

Bugzilla

CVE-2011-5056 CVE-2012-0024 maradns: hash table collisions CPU usage DoS↗2012-01-03

▶