The leafnode server in leafnode 1.9.20 to 1.9.29 allows remote attackers to cause a denial of service (infinite loop) when leafnode requests a cross-posted article to one group whose name is a prefix of another group.
2002-12-31T05:00:00.000
2025-04-03T01:03:51.193
Deferred
CVSSv2: 5.0 (MEDIUM)
AV:N/AC:L/Au:N/C:N/I:N/A:P
10.0
2.9
| Type | Vendor | Product | Version/Range | Vulnerable? |
|---|---|---|---|---|
| Application | leafnode | leafnode | 1.9.19 | Yes |
| Application | leafnode | leafnode | 1.9.20 | Yes |
| Application | leafnode | leafnode | 1.9.21 | Yes |
| Application | leafnode | leafnode | 1.9.22 | Yes |
| Application | leafnode | leafnode | 1.9.23 | Yes |
| Application | leafnode | leafnode | 1.9.24 | Yes |
| Application | leafnode | leafnode | 1.9.25 | Yes |
| Application | leafnode | leafnode | 1.9.26 | Yes |
| Application | leafnode | leafnode | 1.9.27 | Yes |
| Application | leafnode | leafnode | 1.9.29 | Yes |