CVE-2012-0024 (GCVE-0-2012-0024)
Vulnerability from cvelistv5 – Published: 2012-01-08 00:00 – Updated: 2024-09-17 00:51
VLAI
EPSS
VEX
Summary
MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.
Severity
No CVSS data available.
CWE
- n/a
Assigner
References
4 references
| URL | Tags |
|---|---|
| http://samiam.org/blog/20111229.html | x_refsource_CONFIRM |
| https://bugzilla.redhat.com/show_bug.cgi?id=771428 | x_refsource_CONFIRM |
| http://openwall.com/lists/oss-security/2012/01/03/6 | mailing-listx_refsource_MLIST |
| http://openwall.com/lists/oss-security/2012/01/03/13 | mailing-listx_refsource_MLIST |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T18:09:17.254Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "http://samiam.org/blog/20111229.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771428"
},
{
"name": "[oss-security] 20120103 CVE request: maradns hash table collision cpu dos",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/01/03/6"
},
{
"name": "[oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos",
"tags": [
"mailing-list",
"x_refsource_MLIST",
"x_transferred"
],
"url": "http://openwall.com/lists/oss-security/2012/01/03/13"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "n/a",
"vendor": "n/a",
"versions": [
{
"status": "affected",
"version": "n/a"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set."
}
],
"problemTypes": [
{
"descriptions": [
{
"description": "n/a",
"lang": "en",
"type": "text"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2012-01-08T00:00:00.000Z",
"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"shortName": "redhat"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "http://samiam.org/blog/20111229.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771428"
},
{
"name": "[oss-security] 20120103 CVE request: maradns hash table collision cpu dos",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/01/03/6"
},
{
"name": "[oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos",
"tags": [
"mailing-list",
"x_refsource_MLIST"
],
"url": "http://openwall.com/lists/oss-security/2012/01/03/13"
}
],
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "secalert@redhat.com",
"ID": "CVE-2012-0024",
"STATE": "PUBLIC"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "n/a",
"version": {
"version_data": [
{
"version_value": "n/a"
}
]
}
}
]
},
"vendor_name": "n/a"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "n/a"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "http://samiam.org/blog/20111229.html",
"refsource": "CONFIRM",
"url": "http://samiam.org/blog/20111229.html"
},
{
"name": "https://bugzilla.redhat.com/show_bug.cgi?id=771428",
"refsource": "CONFIRM",
"url": "https://bugzilla.redhat.com/show_bug.cgi?id=771428"
},
{
"name": "[oss-security] 20120103 CVE request: maradns hash table collision cpu dos",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/01/03/6"
},
{
"name": "[oss-security] 20120103 Re: CVE request: maradns hash table collision cpu dos",
"refsource": "MLIST",
"url": "http://openwall.com/lists/oss-security/2012/01/03/13"
}
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749",
"assignerShortName": "redhat",
"cveId": "CVE-2012-0024",
"datePublished": "2012-01-08T00:00:00.000Z",
"dateReserved": "2011-12-07T00:00:00.000Z",
"dateUpdated": "2024-09-17T00:51:16.255Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"vulnerability-lookup:meta": {
"epss": {
"cve": "CVE-2012-0024",
"date": "2026-07-14",
"epss": "0.02888",
"percentile": "0.85264"
},
"fkie_nvd": {
"configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*\", \"versionEndExcluding\": \"1.3.07.12\", \"matchCriteriaId\": \"31D1C086-CDF1-4A18-942A-34378F9ADC2A\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*\", \"versionStartIncluding\": \"1.4.0\", \"versionEndExcluding\": \"1.4.08\", \"matchCriteriaId\": \"5AF0F73F-81E3-42B3-A9DC-5E6233083BF3\"}]}]}]",
"descriptions": "[{\"lang\": \"en\", \"value\": \"MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.\"}, {\"lang\": \"es\", \"value\": \"MaraDNS antes de v1.3.07.12 y v1.4.x antes de v1.4.08 calcula los valores hash de los datos del DNS sin restringir la capacidad de obtener colisiones hash de una forma predecible. Esto permite a atacantes remotos provocar una denegaci\\u00f3n de servicio (por consumo de CPU) mediante el env\\u00edo de muchas consultas debidamente modificadas con el bit Recursion Desired (recursividad deseada - RD) activado.\"}]",
"id": "CVE-2012-0024",
"lastModified": "2024-11-21T01:34:14.207",
"metrics": "{\"cvssMetricV2\": [{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"2.0\", \"vectorString\": \"AV:N/AC:L/Au:N/C:N/I:N/A:C\", \"baseScore\": 7.8, \"accessVector\": \"NETWORK\", \"accessComplexity\": \"LOW\", \"authentication\": \"NONE\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"COMPLETE\"}, \"baseSeverity\": \"HIGH\", \"exploitabilityScore\": 10.0, \"impactScore\": 6.9, \"acInsufInfo\": false, \"obtainAllPrivilege\": false, \"obtainUserPrivilege\": false, \"obtainOtherPrivilege\": false, \"userInteractionRequired\": false}]}",
"published": "2012-01-08T00:55:03.597",
"references": "[{\"url\": \"http://openwall.com/lists/oss-security/2012/01/03/13\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://openwall.com/lists/oss-security/2012/01/03/6\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://samiam.org/blog/20111229.html\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=771428\", \"source\": \"secalert@redhat.com\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}, {\"url\": \"http://openwall.com/lists/oss-security/2012/01/03/13\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://openwall.com/lists/oss-security/2012/01/03/6\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Mailing List\", \"Third Party Advisory\"]}, {\"url\": \"http://samiam.org/blog/20111229.html\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\", \"Third Party Advisory\"]}, {\"url\": \"https://bugzilla.redhat.com/show_bug.cgi?id=771428\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Issue Tracking\", \"Third Party Advisory\"]}]",
"sourceIdentifier": "secalert@redhat.com",
"vulnStatus": "Modified",
"weaknesses": "[{\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-400\"}]}]"
},
"nvd": "{\"cve\":{\"id\":\"CVE-2012-0024\",\"sourceIdentifier\":\"secalert@redhat.com\",\"published\":\"2012-01-08T00:55:03.597\",\"lastModified\":\"2026-04-29T01:13:23.040\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash collisions predictably, which allows remote attackers to cause a denial of service (CPU consumption) by sending many crafted queries with the Recursion Desired (RD) bit set.\"},{\"lang\":\"es\",\"value\":\"MaraDNS antes de v1.3.07.12 y v1.4.x antes de v1.4.08 calcula los valores hash de los datos del DNS sin restringir la capacidad de obtener colisiones hash de una forma predecible. Esto permite a atacantes remotos provocar una denegaci\u00f3n de servicio (por consumo de CPU) mediante el env\u00edo de muchas consultas debidamente modificadas con el bit Recursion Desired (recursividad deseada - RD) activado.\"}],\"metrics\":{\"cvssMetricV2\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"2.0\",\"vectorString\":\"AV:N/AC:L/Au:N/C:N/I:N/A:C\",\"baseScore\":7.8,\"accessVector\":\"NETWORK\",\"accessComplexity\":\"LOW\",\"authentication\":\"NONE\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"COMPLETE\"},\"baseSeverity\":\"HIGH\",\"exploitabilityScore\":10.0,\"impactScore\":6.9,\"acInsufInfo\":false,\"obtainAllPrivilege\":false,\"obtainUserPrivilege\":false,\"obtainOtherPrivilege\":false,\"userInteractionRequired\":false}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-400\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*\",\"versionEndExcluding\":\"1.3.07.12\",\"matchCriteriaId\":\"31D1C086-CDF1-4A18-942A-34378F9ADC2A\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:maradns:maradns:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"1.4.0\",\"versionEndExcluding\":\"1.4.08\",\"matchCriteriaId\":\"5AF0F73F-81E3-42B3-A9DC-5E6233083BF3\"}]}]}],\"references\":[{\"url\":\"http://openwall.com/lists/oss-security/2012/01/03/13\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2012/01/03/6\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://samiam.org/blog/20111229.html\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=771428\",\"source\":\"secalert@redhat.com\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2012/01/03/13\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://openwall.com/lists/oss-security/2012/01/03/6\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Mailing List\",\"Third Party Advisory\"]},{\"url\":\"http://samiam.org/blog/20111229.html\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\",\"Third Party Advisory\"]},{\"url\":\"https://bugzilla.redhat.com/show_bug.cgi?id=771428\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Issue Tracking\",\"Third Party Advisory\"]}]}}",
"redhat_vex": {
"current_release_date": "2025-11-21T12:54:42+00:00",
"cve": "CVE-2012-0024",
"id": "CVE-2012-0024",
"initial_release_date": "2012-01-01T00:00:00+00:00",
"product_status:known_not_affected": "1",
"source": "Red Hat CSAF VEX",
"status": "final",
"title": "maradns: hash table collisions CPU usage DoS",
"url": "https://security.access.redhat.com/data/csaf/v2/vex/2012/cve-2012-0024.json",
"version": "3"
}
}
}
Loading…
Loading…
Experimental. This forecast is provided for visualization only and may change without notice. Do not use it for operational decisions.
Forecast uses a logistic model when the trend is rising, or an exponential decay model when the trend is falling. Fitted via linearized least squares.
Sightings
| Author | Source | Type | Date | Other |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…