CVE-2017-7401 collectd

Metadata

medium
5.0
collectd
CVE-2017-7401
2017-08-29 05:03
ALAS-2017-829
CVE-2017-7401
2017-08-23 23:03
2017-06-18 07:51
2017-06-16 19:22
2017-04-13 05:03
2017-04-05 05:03
2017-04-04 17:03
2017-04-04 12:03

Description

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, then it is pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

Release   Package    Patched in
buster    collectd   5.7.2-1
jessie    collectd   None
sid       collectd   5.7.2-1
stretch   collectd   None
wheezy    collectd   5.1.0-3+deb7u3