The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to cause a denial of service (segmentation fault) and possibly execute arbitrary code via a long DNS hostname with a large number of labels, which triggers a heap-based buffer overflow.

| ID | Name | Product | Family |
|---|---|---|---|
| 73481 | MaraDNS < 1.3.07.11 / 1.4.x < 1.4.06 / 2.0.x < 2.0.02 compress_add_dlabel_points Function Buffer Overflow | Nessus | DNS |
| 56902 | GLSA-201111-06 : MaraDNS: Arbitrary code execution | Nessus | Gentoo Local Security Checks |
| 52720 | Debian DSA-2196-1 : maradns - buffer overflow | Nessus | Debian Local Security Checks |
| 51832 | FreeBSD : maradns -- denial of service when resolving a long DNS hostname (8015600f-2c80-11e0-9cc1-00163e5bf4f9) | Nessus | FreeBSD Local Security Checks |