CVE-2017-7401

Metadata

medium
5.0
collectd
CVE-2017-7401
cve.mitre.org, github.com, bugs.debian.org
2017-04-03
2017-10-23 14:18
ALAS-2017-829
CVE-2017-7401 collectd
2017-07-20 21:30
2017-06-16 19:22
2017-05-10 23:47
2017-04-14 10:21
2017-04-07 00:03

Description

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.

Am I vulnerable?

The constraints below list the versions in which this vulnerability is patched, and the versions that are unaffected. If a patch is ready but unreleased, it is marked as pending.

Or, you can just let us figure it out for you! Appcanary continuously monitors your installed packages and tells you if any of them are vulnerable.

Affected package information

| Release | Package | Patched in |
|---|---|---|
| artful | collectd | None |
| devel | collectd | None |
| trusty | collectd | None |
| upstream | collectd | None |
| xenial | collectd | None |
| zesty | collectd | None |

Unaffected

| Release | Package | Reason |
|---|---|---|
| precise | collectd | ignored |
| precise/esm | collectd | DNE |
| vivid/stable-phone-overlay | collectd | DNE |
| vivid/ubuntu-core | collectd | DNE |
| yakkety | collectd | ignored |