FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

collectd5 -- Denial of service by sending a signed network packet to a server which is not set up to check signatures

Affected packages
collectd5 < 5.7.2

Details

VuXML ID 08a2df48-6c6a-11e7-9b01-2047478f2f70
Discovery 2017-02-13
Entry 2017-07-19

marcinguy reports:

After sending this payload, collectd seems to be entering endless while() loop in packet_parse consuming high CPU resources, possibly crash/gets killed after a while.

References

CVE Name CVE-2017-7401
URL https://github.com/collectd/collectd/issues/2174