ALAS-2017-829 ---- collectd, libcollectdclient| ID: oval:org.secpod.oval:def:1600701 | Date: (C)2017-05-19 (M)2023-12-20 |
| Class: PATCH | Family: unix |
Infinite loop due to incorrect interaction of parse_packet and parse_part_sign_sha256 functions:Collectd contains an infinite loop due to how the parse_packet and parse_part_sign_sha256 functions interact. If an instance of collectd is configured with "SecurityLevel None" and with empty "AuthFile" options an attacker can send crafted UDP packets that trigger the infinite loop, causing a denial of service
| Platform: |
| Amazon Linux AMI |
| Product: |
| collectd |
| libcollectdclient |
