Total vulnerabilities in the database
The AuthenticationDialogue function in cfservd for Cfengine 2.0.0 to 2.1.7p1 does not properly check the return value of the ReceiveTransaction function, which leads to a failed malloc call and triggers to a null dereference, which allows remote attackers to cause a denial of service (crash).
| Software | From | Fixed in |
|---|---|---|
| gnu / cfengine | 2.0.7-p1 | 2.0.7-p1.x |
| gnu / cfengine | 2.0.8-p1 | 2.0.8-p1.x |
| gnu / cfengine | 2.0.5-b1 | 2.0.5-b1.x |
| gnu / cfengine | 2.0.8 | 2.0.8.x |
| gnu / cfengine | 2.1.0-a9 | 2.1.0-a9.x |
| gnu / cfengine | 2.0.7 | 2.0.7.x |
| gnu / cfengine | 2.1.0-a6 | 2.1.0-a6.x |
| gnu / cfengine | 2.0.7-p2 | 2.0.7-p2.x |
| gnu / cfengine | 2.0.0 | 2.0.0.x |
| gnu / cfengine | 2.0.5-pre | 2.0.5-pre.x |
| gnu / cfengine | 2.1.0-a8 | 2.1.0-a8.x |
| gnu / cfengine | 2.0.2 | 2.0.2.x |
| gnu / cfengine | 2.0.1 | 2.0.1.x |
| gnu / cfengine | 2.0.6 | 2.0.6.x |
| gnu / cfengine | 2.0.5 | 2.0.5.x |
| gnu / cfengine | 2.0.5-pre2 | 2.0.5-pre2.x |
| gnu / cfengine | 2.0.7-p3 | 2.0.7-p3.x |
| gnu / cfengine | 2.0.4 | 2.0.4.x |
| gnu / cfengine | 2.1.7-p1 | 2.1.7-p1.x |
| gnu / cfengine | 2.0.3 | 2.0.3.x |