National Vulnerability Database

National Vulnerability Database

National Vulnerability
Database

Search Results (Refine Search)

Search Parameters:
  • Keyword (text search): MaraDNS
  • Search Type: Search All
  • Contains Software Flaws (CVE)
There are 13 matching records.
Vuln ID Summary CVSS Severity
CVE-2014-2032

Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation.

Published: March 20, 2018; 05:29:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2014-2031

Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to a logic error.

Published: March 20, 2018; 05:29:00 PM -04:00
V3: 5.9 MEDIUM
V2: 4.3 MEDIUM
CVE-2012-1570

The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows remote attackers to trigger continued resolvability of revoked domain names via a "ghost domain names" attack.

Published: March 28, 2012; 06:55:00 AM -04:00
V2: 6.4 MEDIUM
CVE-2012-0024

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.

Published: January 07, 2012; 07:55:03 PM -05:00
V2: 5.0 MEDIUM
CVE-2011-5056

The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024.

Published: January 07, 2012; 07:55:03 PM -05:00
V2: 2.1 LOW
CVE-2011-5055

MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set. NOTE: this issue exists because of an incomplete fix for CVE-2012-0024.

Published: January 07, 2012; 07:55:03 PM -05:00
V2: 5.0 MEDIUM
CVE-2011-0520

The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.

Published: January 28, 2011; 11:00:04 AM -05:00
V2: 7.5 HIGH
CVE-2010-2444

parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.

Published: June 25, 2010; 02:30:01 PM -04:00
V2: 4.3 MEDIUM
CVE-2008-0061

MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a crafted DNS packet that prevents an authoritative name (CNAME) record from resolving, aka "improper rotation of resource records."

Published: January 03, 2008; 05:46:00 PM -05:00
V2: 5.0 MEDIUM
CVE-2007-3114

Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1.3.03, allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3115 and CVE-2007-3116.

Published: June 07, 2007; 05:30:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2007-3115

Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of service (memory consumption) via (1) reverse lookups or (2) requests for records in a class other than Internet (IN), a different set of affected versions than CVE-2007-3114 and CVE-2007-3116.

Published: June 07, 2007; 05:30:00 PM -04:00
V2: 7.8 HIGH
CVE-2007-3116

Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption) via unspecified vectors, a different set of affected versions than CVE-2007-3114 and CVE-2007-3115.

Published: June 07, 2007; 05:30:00 PM -04:00
V2: 5.0 MEDIUM
CVE-2002-2097

The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets.

Published: December 31, 2002; 12:00:00 AM -05:00
V2: 5.0 MEDIUM