CVE-2017-7401

Published: Apr 3, 2017Modified: May 13, 2026

7.5

Vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.

Affected (1)

Products: Collectd: Collectd

1 product

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Collectd Collectd	Up to 5.7.1

Related CWEs

Loop with Unreachable Exit Condition ('Infinite Loop')

The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.

References (10)

http://www.securityfocus.com/bid/97321

Source: cve@mitre.org

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1285

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2017:1787

Source: cve@mitre.org

https://access.redhat.com/errata/RHSA-2018:2615

Source: cve@mitre.org

https://github.com/collectd/collectd/issues/2174

Source: cve@mitre.org

Issue TrackingPatchThird Party Advisory

http://www.securityfocus.com/bid/97321

Source: af854a3a-2127-422b-91ae-364da2661108

Third Party AdvisoryVDB Entry

https://access.redhat.com/errata/RHSA-2017:1285

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2017:1787

Source: af854a3a-2127-422b-91ae-364da2661108

https://access.redhat.com/errata/RHSA-2018:2615

Source: af854a3a-2127-422b-91ae-364da2661108

https://github.com/collectd/collectd/issues/2174

Source: af854a3a-2127-422b-91ae-364da2661108

Issue TrackingPatchThird Party Advisory

Timeline

No history available yet.