High severity7.5NVD Advisory· Published Apr 3, 2017· Updated Jun 17, 2026
CVE-2017-7401
CVE-2017-7401
Description
Incorrect interaction of the parse_packet() and parse_part_sign_sha256() functions in network.c in collectd 5.7.1 and earlier allows remote attackers to cause a denial of service (infinite loop) of a collectd instance (configured with "SecurityLevel None" and with empty "AuthFile" options) via a crafted UDP packet.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
3- osv-coords2 versionspkg:rpm/suse/collectd&distro=SUSE%20Lifecycle%20Management%20Server%201.3pkg:rpm/suse/collectd&distro=SUSE%20WebYast%201.3
< 4.9.4-0.31.1+ 1 more
- (no CPE)range: < 4.9.4-0.31.1
- (no CPE)range: < 4.9.4-0.31.1
Patches
Vulnerability mechanics
References
5- github.com/collectd/collectd/issues/2174nvdIssue TrackingPatchThird Party Advisory
- www.securityfocus.com/bid/97321nvdThird Party AdvisoryVDB Entry
- access.redhat.com/errata/RHSA-2017:1285nvd
- access.redhat.com/errata/RHSA-2017:1787nvd
- access.redhat.com/errata/RHSA-2018:2615nvd
News mentions
0No linked articles in our index yet.