Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with SecurityLevel None and with empty AuthFile options) via a crafted UDP packet.
The product contains an iteration or loop with an exit condition that cannot be reached, i.e., an infinite loop.
| Name | Vendor | Start Version | End Version |
|---|---|---|---|
| Collectd | Collectd | * | 5.7.1 (including) |
| Red Hat Gluster Storage 3.4 for RHEL 7 | RedHat | collectd-0:5.7.2-3.1.el7rhgs | * |
| Red Hat OpenStack Platform 11.0 Operational Tools for RHEL 7 | RedHat | collectd-0:5.7.2-1.1.el7ost | * |
| Red Hat Virtualization 4 for Red Hat Enterprise Linux 7 | RedHat | collectd-0:5.7.1-4.el7 | * |
| Red Hat Virtualization Engine 4.1 | RedHat | collectd-0:5.7.1-4.el7 | * |
| Collectd | Ubuntu | artful | * |
| Collectd | Ubuntu | esm-apps/xenial | * |
| Collectd | Ubuntu | precise | * |
| Collectd | Ubuntu | trusty | * |
| Collectd | Ubuntu | trusty/esm | * |
| Collectd | Ubuntu | upstream | * |
| Collectd | Ubuntu | xenial | * |
| Collectd | Ubuntu | yakkety | * |
| Collectd | Ubuntu | zesty | * |