First published: Tue Nov 07 2017
An infinite loop programming error exists in the DNS server functionality of the Cesanta Mongoose 6.8 library. A specially crafted DNS request can cause an infinite loop, resulting in high CPU usage and Denial of Service. An attacker can send a packet over the network to trigger this vulnerability.
Credit: talos-cna@cisco.com
Affected Software | Affected Version | How to fix |
---|---|---|
Cesanta Mongoose | =6.8 | |
CVE-2017-2909 is a vulnerability in the DNS server functionality of the Cesanta Mongoose 6.8 library that can cause an infinite loop, resulting in high CPU usage and Denial of Service.
CVE-2017-2909 affects Cesanta Mongoose 6.8 by allowing a specially crafted DNS request to trigger an infinite loop, resulting in high CPU usage and Denial of Service.
CVE-2017-2909 has a severity rating of 7.5 (high).
To fix CVE-2017-2909, it is recommended to update to a version of Cesanta Mongoose that does not contain the vulnerability.
You can find more information about CVE-2017-2909 at the following link: [CVE-2017-2909](https://www.talosintelligence.com/vulnerability_reports/TALOS-2017-0416)