Description
fetchnews in leafnode 1.9.47 and earlier allows remote attackers to cause a denial of service (process hang) via an empty NNTP news article with missing mandatory headers.
Product(s):
- Leafnode 1.9.25
- Leafnode 1.9.26
- Leafnode 1.9.27
- Leafnode 1.9.28
- Leafnode 1.9.29
- Leafnode 1.9.30
- Leafnode 1.9.31
- Leafnode 1.9.32
- Leafnode 1.9.33
- Leafnode 1.9.34
- Leafnode 1.9.35
- Leafnode 1.9.36
- Leafnode 1.9.37
- Leafnode 1.9.38
- Leafnode 1.9.39
- Leafnode 1.9.40
- Leafnode 1.9.41
- Leafnode 1.9.42
- Leafnode 1.9.43
- Leafnode 1.9.44
- Leafnode 1.9.45
- Leafnode 1.9.46
- Leafnode 1.9.47
Question to Ask Vendors:
- Can you confirm whether your systems are affected by CVE-2004-2068, and if so, what steps are you currently taking to mitigate this vulnerability?
- What is your estimated timeline for fully resolving CVE-2004-2068 in your products or services, and how will you communicate updates on this issue to us as your customer?
Recommended Actions:
- Check out the advisory links provided below.