CVE-2008-4194

Severity CVSS v4.0:
Pending analysis
Type:
CWE-399 Resource Management Errors
Publication date:
24/09/2008
Last modified:
09/04/2025

Description

The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:pdnsd:pdnsd:*:*:*:*:*:*:*:* 1.2.6-par (including)
cpe:2.3:a:pdnsd:pdnsd:1.1.7:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.7a:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par4:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par5:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par6:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par7:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par8:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.9-par:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.10-par:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.11-par:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.1.11a-par:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.2-par:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.2.1_par:*:*:*:*:*:*:*
cpe:2.3:a:pdnsd:pdnsd:1.2.4-par:*:*:*:*:*:*:*