Vulnerability Details CVE-2010-2444
parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.005
EPSS Ranking 65.1%
CVSS Severity
CVSS v2 Score 4.3
References
- http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
- http://www.openwall.com/lists/oss-security/2010/06/09/4
- http://www.openwall.com/lists/oss-security/2010/06/24/5
- http://maradns.org/download/maradns-1.4.02-parse_segfault.patch
- http://www.openwall.com/lists/oss-security/2010/06/09/4
- http://www.openwall.com/lists/oss-security/2010/06/24/5
Products affected by CVE-2010-2444
-
cpe:2.3:a:maradns:maradns:1.3.03
-
cpe:2.3:a:maradns:maradns:1.3.04
-
cpe:2.3:a:maradns:maradns:1.3.05
-
cpe:2.3:a:maradns:maradns:1.3.06
-
cpe:2.3:a:maradns:maradns:1.3.07.01
-
cpe:2.3:a:maradns:maradns:1.3.07.02
-
cpe:2.3:a:maradns:maradns:1.3.07.03
-
cpe:2.3:a:maradns:maradns:1.3.07.04
-
cpe:2.3:a:maradns:maradns:1.3.07.05
-
cpe:2.3:a:maradns:maradns:1.3.07.06
-
cpe:2.3:a:maradns:maradns:1.3.07.07
-
cpe:2.3:a:maradns:maradns:1.3.07.08
-
cpe:2.3:a:maradns:maradns:1.3.07.09
-
cpe:2.3:a:maradns:maradns:1.3.08
-
cpe:2.3:a:maradns:maradns:1.3.09
-
cpe:2.3:a:maradns:maradns:1.3.10
-
cpe:2.3:a:maradns:maradns:1.3.11
-
cpe:2.3:a:maradns:maradns:1.3.12
-
cpe:2.3:a:maradns:maradns:1.3.13
-
cpe:2.3:a:maradns:maradns:1.3.14
-
cpe:2.3:a:maradns:maradns:1.4.01
-
cpe:2.3:a:maradns:maradns:1.4.02