CVE-2011-5056
Severity Score
2.1
*CVSS v2
Exploit Likelihood
*EPSS
Affected Versions
*CPE
Public Exploits
0
*Multiple Sources
Exploited in Wild
-
*KEV
Decision
-
*SSVC
Descriptions
The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which might allow local users to cause a denial of service (CPU consumption) via crafted records in zone files, a different vulnerability than CVE-2012-0024.
El servidor autoritativo en maraDNS hasta la versión v2.0.04 calcula los valores hash de los datos del DNS sin restringir la capacidad de obtener colisiones de hash de una forma predecible. Esto podría permitir a usuarios locales provocar una denegación de servicio (consumo de CPU) a través de registros debidamente modificados en los archivos de zona. Se trata de una vulnerabilidad diferente a CVE-2012-0024.
*Credits:
N/A
CVSS Scores
Attack Vector
Attack Complexity
Authentication
Confidentiality
Integrity
Availability
* Common Vulnerability Scoring System
SSVC
- Decision:-
Exploitation
Automatable
Tech. Impact
* Organization's Worst-case Scenario
Timeline
- 2012-01-07 CVE Reserved
- 2012-01-08 CVE Published
- 2023-03-08 EPSS Updated
- 2024-08-07 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-400: Uncontrolled Resource Consumption
CAPEC
References (3)
| URL | Tag | Source |
|---|---|---|
| http://www.securitytracker.com/id?1026820 | Third Party Advisory | |
| https://exchange.xforce.ibmcloud.com/vulnerabilities/72258 | Third Party Advisory |
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| http://samiam.org/blog/20111229.html | 2020-08-14 |
| URL | Date | SRC |
|---|