TITLE:
GNUnet Empty UDP Datagram Denial of Service Vulnerability

SECUNIA ADVISORY ID:
SA20096

VERIFY ADVISORY:
http://secunia.com/advisories/20096/

CRITICAL:
Moderately critical

IMPACT:
DoS

WHERE:
>From remote

SOFTWARE:
GNUnet 0.x
http://secunia.com/product/9930/

DESCRIPTION:
Luigi Auriemma has reported a vulnerability in GNUnet, which can be
exploited by malicious people to cause a DoS (Denial of Service).

The vulnerability is caused due to an error within the handling of
empty (zero bytes) UDP datagrams. This can be exploited to cause the
affected application to enter an infinite loop and consume 100% CPU
resources.

The vulnerability has been reported in version 0.7.0d and in SVN
revision 2780. Prior versions may also be affected.

SOLUTION:
The vulnerability has been fixed in SVN revision 2781.

PROVIDED AND/OR DISCOVERED BY:
Luigi Auriemma

ORIGINAL ADVISORY:
http://aluigi.altervista.org/adv/gnunetzero-adv.txt
https://gnunet.org/svn/GNUnet/ChangeLog

----------------------------------------------------------------------

About:
This Advisory was delivered by Secunia as a free service to help
everybody keeping their systems up to date against the latest
vulnerabilities.

Subscribe:
http://secunia.com/secunia_security_advisories/

Definitions: (Criticality, Where etc.)
http://secunia.com/about_secunia_advisories/


Please Note:
Secunia recommends that you verify all advisories you receive by
clicking the link.
Secunia NEVER sends attached files with advisories.
Secunia does not advise people to install third party patches, only
use those supplied by the vendor.

----------------------------------------------------------------------

Unsubscribe: Secunia Security Advisories
http://secunia.com/sec_adv_unsubscribe/?email=packet%40packetstormsecurity.org

----------------------------------------------------------------------