iterator.c in NLnet Labs Unbound before 1.5.1 does not limit delegation chaining, which allows remote attackers to cause a denial of service (memory and CPU consumption) via a large or infinite number of referrals.
References
Link | Resource |
---|---|
http://cert.ssi.gouv.fr/site/CERTFR-2014-AVI-512/index.html | Third Party Advisory |
http://unbound.net/downloads/patch_cve_2014_8602.diff | Patch |
http://www.debian.org/security/2014/dsa-3097 | Third Party Advisory |
http://www.kb.cert.org/vuls/id/264212 | Third Party Advisory US Government Resource |
http://www.oracle.com/technetwork/topics/security/linuxbulletinoct2015-2719645.html | |
http://www.securityfocus.com/bid/71589 | |
http://www.ubuntu.com/usn/USN-2484-1 | Third Party Advisory |
https://unbound.net/downloads/CVE-2014-8602.txt | Patch Vendor Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: mitre
Published: 2014-12-11T02:00:00
Updated: 2016-11-25T19:57:01
Reserved: 2014-11-04T00:00:00
Link: CVE-2014-8602
JSON object: View
NVD Information
Status : Modified
Published: 2014-12-11T02:59:03.233
Modified: 2016-11-28T19:13:26.333
Link: CVE-2014-8602
JSON object: View
Redhat Information
No data.
CWE