MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes...
High severity
Unreviewed
Published
May 4, 2022
to the GitHub Advisory Database
•
Updated Feb 1, 2023
Description
Published by the National Vulnerability Database
Jan 8, 2012
Published to the GitHub Advisory Database
May 4, 2022
Last updated
Feb 1, 2023
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.
References