Infinite Loop Denial of Service Vulnerability in Cesanta Mongoose 6.8 DNS Server

Infinite Loop Denial of Service Vulnerability in Cesanta Mongoose 6.8 DNS Server

CVE-2017-2909 · HIGH Severity

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

An infinite loop programming error exists in the DNS server functionality of Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop resulting in high CPU usage and Denial Of Service. An attacker can send a packet over the network to trigger this vulnerability.

Learn more about our Cis Benchmark Audit For Server Software.