Zephyr DNS Implementation Denial-of-Service Vulnerability Leading to Infinite Loop

Vulnerability

A denial-of-service vulnerability has been identified in the Zephyr project DNS implementation, in versions through 4.1. A malicious packet can manipulate the 'pos' variable in the 'dns_copy_qname' function so that the same position is revisited repeatedly, producing an infinite loop. The vulnerability arises from improper handling of DNS label compression, which lets such packets exploit the parsing logic and disrupt normal processing.

Impact

Exploitation of this vulnerability can lead to a denial-of-service condition, causing the application to enter an infinite loop and potentially consume excessive resources.

Added: Jun 24, 2025, 6:17 AM
Updated: Jun 24, 2025, 6:17 AM

Vulnerability Rating

Custom Algorithm

spread: 6.6
impact: 2.5
exploitability: 6.0
remediation: 0.0
relevance: 0.2
threat: 6.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.