Home > Vulnerability Database > CVE-2012-0024

Mend.io Vulnerability Database

CVE-2012-0024

Date: October 3, 2022

MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.

Severity Score

7.5

Related Resources (7)

Url: http://openwall.com/lists/oss-security/2012/01/03/6

Url: http://openwall.com/lists/oss-security/2012/01/03/13

Url: https://security-tracker.debian.org/tracker/CVE-2012-0024

Url: https://bugzilla.redhat.com/show_bug.cgi?id=771428

Url: http://samiam.org/blog/20111229.html

Url: https://nvd.nist.gov/vuln/detail/CVE-2012-0024

Url: https://www.mend.io/vulnerability-database/CVE-2012-0024

Severity Score

7.5

Weakness Type (CWE)

Uncontrolled Resource Consumption ('Resource Exhaustion')

CWE-400

CVSS v3.1

Base Score:	7.5
Attack Vector (AV):	NETWORK
Attack Complexity (AC):	LOW
Privileges Required (PR):	NONE
User Interaction (UI):	NONE
Scope (S):	UNCHANGED
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	HIGH

CVSS v2

Base Score:	7.8
Access Vector (AV):	NETWORK
Access Complexity (AC):	LOW
Authentication (AU):	NONE
Confidentiality (C):	NONE
Integrity (I):	NONE
Availability (A):	COMPLETE
Additional information:

Mend.io Vulnerability Database

We found results for “”

CVE-2012-0024

Date: October 3, 2022

Severity Score

Related Resources (7)

Severity Score

Weakness Type (CWE)

CVSS v3.1

CVSS v2

Do you need more information?