Maradns
Monthly
Connection slot exhaustion in Deadwood (MaraDNS 3.5.0036) allows remote unauthenticated attackers to cause denial of service by triggering lookups for zones with unresolvable authoritative nameserver addresses. This resource exhaustion vulnerability (CWE-670) has CVSS 7.5 severity and EPSS data indicates low exploitation probability. No public exploit identified at time of analysis, though the attack mechanism appears straightforward given the network-accessible attack vector with low complexity.
MaraDNS is open-source software that implements the Domain Name System (DNS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.
Connection slot exhaustion in Deadwood (MaraDNS 3.5.0036) allows remote unauthenticated attackers to cause denial of service by triggering lookups for zones with unresolvable authoritative nameserver addresses. This resource exhaustion vulnerability (CWE-670) has CVSS 7.5 severity and EPSS data indicates low exploitation probability. No public exploit identified at time of analysis, though the attack mechanism appears straightforward given the network-accessible attack vector with low complexity.
MaraDNS is open-source software that implements the Domain Name System (DNS). Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.
An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.
The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the processing of a response to an A record query, which allows. Rated medium severity (CVSS 4.3), this vulnerability is remotely exploitable. No vendor patch available.
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a. Rated high severity (CVSS 7.8), this vulnerability is remotely exploitable, low attack complexity. This Uncontrolled Resource Consumption vulnerability could allow attackers to cause denial of service by exhausting system resources.