Collectd · Collectd · CVE-2017-7401
**Name of the Vulnerable Software and Affected Versions**
collectd versions 5.7.1 and earlier
**Description**
The `parse_packet()` and `parse_part_sign_sha256()` functions in network.c interact incorrectly, allowing remote attackers to cause a denial of service (infinite loop) in a collectd instance by sending a crafted UDP packet. The instance is affected when it is configured with "SecurityLevel None" and has empty "AuthFile" options.
**Recommendations**
For collectd versions 5.7.1 and earlier, consider updating to a version that addresses this issue, as these versions allow a denial-of-service attack via a crafted UDP packet.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
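To locate instances that match the configuration named in the description, the following added example (not part of the original advisory or of collectd itself) scans a collectd.conf for network-plugin `Listen` entries whose effective SecurityLevel is None and that have no AuthFile. It assumes collectd's documented default of `SecurityLevel None` when the option is omitted; the function name and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample collectd.conf fragment (not from the original page).
SAMPLE_CONF = '''
<Plugin network>
  Listen "239.192.74.66" "25826"
  <Listen "0.0.0.0" "25826">
    SecurityLevel None
  </Listen>
  <Listen "10.0.0.5" "25827">
    SecurityLevel Sign
    AuthFile "/etc/collectd/passwd"
  </Listen>
  <Server "10.0.0.9" "25826">
    SecurityLevel None
  </Server>
</Plugin>
'''

def exposed_listeners(conf_text):
    """Return Listen endpoints matching the CVE-2017-7401 precondition:
    effective SecurityLevel None and no (or empty) AuthFile."""
    findings = []
    in_network = False
    block = None  # state of the <Listen ...> block currently open, if any
    for raw in conf_text.splitlines():
        line = raw.split('#', 1)[0].strip()  # drop comments and padding
        if not line:
            continue
        if re.match(r'<Plugin\s+"?network"?\s*>', line, re.I):
            in_network = True
        elif re.match(r'</Plugin>', line, re.I):
            in_network = False
        elif not in_network:
            continue  # other plugins are irrelevant here
        elif m := re.match(r'<Listen\s+(.+?)\s*>$', line, re.I):
            # Assumption: SecurityLevel defaults to None when omitted.
            block = {"addr": m.group(1).replace('"', ''), "level": "none", "auth": ""}
        elif re.match(r'</Listen>', line, re.I) and block:
            if block["level"] == "none" and not block["auth"]:
                findings.append(block["addr"])
            block = None
        elif block is not None:
            if m := re.match(r'SecurityLevel\s+"?(\w+)"?', line, re.I):
                block["level"] = m.group(1).lower()
            elif m := re.match(r'AuthFile\s+"?([^"]*)"?', line, re.I):
                block["auth"] = m.group(1).strip()
        elif m := re.match(r'Listen\s+(.+)$', line, re.I):
            findings.append(m.group(1).replace('"', ''))  # one-line form: defaults apply
    return findings
```

`<Server>` blocks are skipped because they configure sending, not receiving; each returned string is the address and port of a listener worth reviewing.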