CVE-2012-0024

high

Description

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.

References

Advisories

https://bugzilla.redhat.com/show_bug.cgi?id=771428

http://samiam.org/blog/20111229.html

http://openwall.com/lists/oss-security/2012/01/03/6

http://openwall.com/lists/oss-security/2012/01/03/13

Details

Source: Mitre, NVD

Published: 2012-01-08

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.00757