CVE-2017-14339

NameCVE-2017-14339
DescriptionThe DNS packet parser in YADIFA before 2.2.6 does not check for the pr ...
SourceCVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
ReferencesDSA-4001-1
Debian Bugs876315

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
yadifa (PTS)bullseye2.4.2-1fixed
bookworm2.6.4-1fixed
trixie3.0.2-3fixed
forky, sid3.0.6-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
yadifasourcestretch2.2.3-1+deb9u1DSA-4001-1
yadifasource(unstable)2.2.6-1876315

Notes

https://www.tarlogic.com/blog/fuzzing-yadifa-dns/
https://github.com/yadifa/yadifa/blob/v2.2.6/ChangeLog
Search for package or bug name: Reporting problems