Description
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
collectd contains an infinite loop due to how the parse_packet() and parse_part_sign_sha256() functions interact. If an instance of collectd is configured with "SecurityLevel None" and empty "AuthFile" options, an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service.
Affected packages
| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux OpenStack Platform 7 (Kilo) Operational Tools | collectd | Will not fix | ||
| Red Hat OpenStack Platform 10 (Newton) Operational Tools | collectd | Will not fix | ||
| Red Hat OpenStack Platform 12 (Pike) Operational Tools | collectd | Not affected | ||
| Red Hat OpenStack Platform 8 (Liberty) Operational Tools | collectd | Will not fix | ||
| Red Hat OpenStack Platform 9 (Mitaka) Operational Tools | collectd | Will not fix | ||
| Red Hat Storage Console 2 | collectd | Will not fix | ||
| Red Hat Gluster Storage 3.4 for RHEL 7 | collectd | Fixed | RHSA-2018:2615 | 04.09.2018 |
| Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7 | collectd | Fixed | RHSA-2017:1787 | 19.07.2017 |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | collectd | Fixed | RHSA-2017:1285 | 24.05.2017 |
| Red Hat Virtualization Engine 4.1 | collectd | Fixed | RHSA-2017:1285 | 24.05.2017 |
Additional information
Status:
5.9 Medium
CVSS3