Vulnerability Details CVE-2008-4194
The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."
Exploit prediction scoring system (EPSS) score
EPSS Score 0.088
EPSS Ranking 92.1%
CVSS Severity
CVSS v2 Score 5.0
References
- http://www.phys.uu.nl/~rombouts/pdnsd.html
- http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
- http://www.vupen.com/english/advisories/2008/2582
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45594
- http://www.phys.uu.nl/~rombouts/pdnsd.html
- http://www.phys.uu.nl/~rombouts/pdnsd/ChangeLog
- http://www.vupen.com/english/advisories/2008/2582
- https://exchange.xforce.ibmcloud.com/vulnerabilities/45594
Products affected by CVE-2008-4194
-
cpe:2.3:a:pdnsd:pdnsd:*
-
cpe:2.3:a:pdnsd:pdnsd:1.1.10-par
-
cpe:2.3:a:pdnsd:pdnsd:1.1.11-par
-
cpe:2.3:a:pdnsd:pdnsd:1.1.11a-par
-
cpe:2.3:a:pdnsd:pdnsd:1.1.7
-
cpe:2.3:a:pdnsd:pdnsd:1.1.7a
-
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par4
-
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par5
-
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par6
-
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par7
-
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par8
-
cpe:2.3:a:pdnsd:pdnsd:1.1.9-par
-
cpe:2.3:a:pdnsd:pdnsd:1.2-par
-
cpe:2.3:a:pdnsd:pdnsd:1.2.1_par
-
cpe:2.3:a:pdnsd:pdnsd:1.2.4-par
-
cpe:2.3:a:pdnsd:pdnsd:1.2.5-par