CVE-2010-4336

Name of the Vulnerable Software and Affected Versions collectd versions 4.x through 4.9.3 collectd versions 4.10.0 through 4.10.1

Description The issue allows remote attackers to cause a denial of service via a packet with a timestamp whose value is 10 or less. This can be demonstrated by creating RRD files using the RRDtool and RRDCacheD plugins. The vulnerability can lead to a disruption in the availability of protected information and can be exploited remotely.

Recommendations For collectd versions 4.x through 4.9.3, update to version 4.9.4 or later. For collectd versions 4.10.0 through 4.10.1, update to version 4.10.2 or later. As a temporary workaround, consider restricting access to the cu rrd create file function in the src/utils rrdcreate.c file until a patch is available.