CVE-2017-7401 — Infinite Loop in Collectd
Severity
7.5HIGHNVD
OSV9.1
EPSS
1.0%
top 23.19%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedApr 3
Latest updateMay 13
Description
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
CVSS vector
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6
Affected Packages4 packages
Patches
🔴Vulnerability Details
3📋Vendor Advisories
3💬Community
5Bugzilla▶
CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions [epel-6]↗2017-04-06
Bugzilla▶
CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions [epel-7]↗2017-04-06
Bugzilla▶
CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions↗2017-04-06
Bugzilla▶
CVE-2017-7401 puppet-collectd: collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions [openstack-rdo]↗2017-04-06
Bugzilla▶
CVE-2017-7401 collectd: Infinite loop due to incorrect interaction of parse_packet() and parse_part_sign_sha256() functions [fedora-all]↗2017-04-06