← back
CVE-2017-7401

CVE-2017-7401

EPSS 4.0%
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
https://access.redhat.com/errata/RHSA-2017:1285https://access.redhat.com/errata/RHSA-2017:1787https://access.redhat.com/errata/RHSA-2018:2615https://github.com/collectd/collectd/issues/2174http://www.securityfocus.com/bid/97321