CVE-2010-2444
EPSS 0.50%
Description
parse/Csv2_parse.c in MaraDNS 1.3.03, and other versions before 1.4.03, does not properly handle hostnames that do not end in a "." (dot) character, which allows remote attackers to cause a denial of service (NULL pointer dereference) via a crafted csv2 zone file.
How to fix CVE-2010-2444
To remediate CVE-2010-2444, upgrade the affected package to a fixed version below.
- Debian/maradns—upgrade to 1.4.03-1 or later
Is CVE-2010-2444 being exploited?
Low — EPSS is 0.5%, meaning exploitation activity has not been observed at scale.
Affected packages (1)
- from 0, < 1.4.03-1