Every CVE whose affected-product data names Maradns, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (14)
CVE-2007-3115 — CVSS 7.8 (high): Multiple memory leaks in server/MaraDNS.c in MaraDNS before 1.2.12.06, and 1.3.x before 1.3.05, allow remote attackers to cause a denial of…
CVE-2012-0024 — CVSS 7.8 (high): MaraDNS before 1.3.07.12 and 1.4.x before 1.4.08 computes hash values for DNS data without restricting the ability to trigger hash…
CVE-2023-31137 — CVSS 7.5 (high): MaraDNS is open-source software that implements the Domain Name System (DNS). In version 3.5.0024 and prior, a remotely exploitable integer…
CVE-2011-0520 — CVSS 7.5 (high): The compress_add_dlabel_points function in dns/Compress.c in MaraDNS 1.4.03, 1.4.05, and probably other versions allows remote attackers to…
CVE-2022-30256 — CVSS 7.5 (high): An issue was discovered in MaraDNS Deadwood through 3.5.0021 that allows variant V1 of unintended domain name resolution. A revoked domain…
CVE-2008-0061 — CVSS 5.0 (medium): MaraDNS 1.0 before 1.0.41, 1.2 before 1.2.12.08, and 1.3 before 1.3.07.04 allows remote attackers to cause a denial of service via a…
CVE-2004-0789 — CVSS 5.0 (medium): Multiple implementations of the DNS protocol, including (1) Poslib 1.0.2-1 and earlier as used by Posadis, (2) Axis Network products before…
CVE-2007-3114 — CVSS 5.0 (medium): Memory leak in server/MaraDNS.c in MaraDNS before 1.2.12.05, and 1.3.x before 1.3.03, allows remote attackers to cause a denial of service…
CVE-2007-3116 — CVSS 5.0 (medium): Memory leak in server/MaraDNS.c in MaraDNS 1.2.12.06 and 1.3.05 allows remote attackers to cause a denial of service (memory consumption)…
CVE-2002-2097 — CVSS 5.0 (medium): The compression code in MaraDNS before 0.9.01 allows remote attackers to cause a denial of service via crafted DNS packets.
CVE-2011-5055 — CVSS 5.0 (medium): MaraDNS 1.3.07.12 and 1.4.08 computes hash values for DNS data without properly restricting the ability to trigger hash collisions…
CVE-2010-2444 — CVSS 4.3 (medium): parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot)…
CVE-2012-1570 — CVSS 4.3 (medium): The resolver in MaraDNS before 1.3.0.7.15 and 1.4.x before 1.4.12 overwrites cached server names and TTL values in NS records during the…
CVE-2011-5056 — CVSS 2.1 (low): The authoritative server in MaraDNS through 2.0.04 computes hash values for DNS data without restricting the ability to trigger hash…