Unrated severityNVD Advisory· Published Sep 24, 2008· Updated Apr 23, 2026

CVE-2008-4194

Description

The p_exec_query function in src/dns_query.c in pdnsd before 1.2.7-par allows remote attackers to cause a denial of service (daemon crash) via a long DNS reply with many entries in the answer section, related to a "dangling pointer bug."

Affected products

Pdnsd/Pdnsd16 versions
cpe:2.3:a:pdnsd:pdnsd:*:*:*:*:*:*:*:*+ 15 more
- cpe:2.3:a:pdnsd:pdnsd:*:*:*:*:*:*:*:*range: <=1.2.6-par
- cpe:2.3:a:pdnsd:pdnsd:1.1.10-par:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.11a-par:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.11-par:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.7a:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par4:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par5:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par6:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par7:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.8b1-par8:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.1.9-par:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.2.1_par:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.2.4-par:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.2.5-par:*:*:*:*:*:*:*
- cpe:2.3:a:pdnsd:pdnsd:1.2-par:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.009
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000