Unrated severityNVD Advisory· Published Mar 20, 2018· Updated Aug 6, 2024

CVE-2014-2032

Description

Deadwood before 2.3.09, 3.x before 3.2.05, and as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, allow remote attackers to cause a denial of service (out-of-bounds read and crash) by leveraging permission to perform recursive queries against Deadwood, related to missing input validation.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Missing input validation in Deadwood DNS recursive resolver allows remote attackers to cause DoS via out-of-bounds read.

Vulnerability

Deadwood versions before 2.3.09 and 3.x before 3.2.05, as used in MaraDNS before 1.4.14 and 2.x before 2.0.09, contain a missing input validation vulnerability in the processing of recursive queries. This lack of proper bounds checking leads to an out-of-bounds read when handling specially crafted DNS packets [1][2].

Exploitation

An attacker with permission to perform recursive queries against a Deadwood server can send a malicious DNS query. The server fails to validate the query data, resulting in an out-of-bounds read that causes the process to crash. No authentication or special privileges are required beyond network access to the DNS service [2][3].

Impact

Successful exploitation causes a denial of service (DoS) by crashing the Deadwood or MaraDNS process, disrupting DNS resolution. While out-of-bounds reads can potentially leak information, the primary impact is availability [1][2].

Mitigation

The vulnerability is fixed in Deadwood 2.3.09 and 3.2.05, and MaraDNS 1.4.14 and 2.0.09, all released on February 12, 2014. Users are advised to upgrade immediately. No workarounds are documented, and the issue is not listed in the KEV catalog [1][2][3].

References

AI Insight generated on May 26, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

Maradns/Maradnsinferred
Range: <1.4.14
Deadwood/Deadwoodllm-create
Range: <=2.3.09 (before 2.3.09), 3.x <=3.2.05

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

samiam.org/blog/2014-02-12.htmlmitrex_refsource_CONFIRM
www.openwall.com/lists/oss-security/2014/02/19/15mitremailing-listx_refsource_MLIST
www.securityfocus.com/bid/65595mitrevdb-entryx_refsource_BID
www.securitytracker.com/id/1029771mitrevdb-entryx_refsource_SECTRACK
bugzilla.redhat.com/show_bug.cgimitrex_refsource_CONFIRM
exchange.xforce.ibmcloud.com/vulnerabilities/91204mitrevdb-entryx_refsource_XF

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.001
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000