CVE Vulnerabilities

CVE-2015-1868

Published: May 18, 2015 | Modified: Dec 28, 2016
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
7.8 HIGH
AV:N/AC:L/Au:N/C:N/I:N/A:C
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

Affected Software

Name Vendor Start Version End Version
Authoritative Powerdns 3.2 (including) 3.2 (including)
Authoritative Powerdns 3.3 (including) 3.3 (including)
Authoritative Powerdns 3.3.1 (including) 3.3.1 (including)
Authoritative Powerdns 3.3.2 (including) 3.3.2 (including)
Authoritative Powerdns 3.4.0 (including) 3.4.0 (including)
Authoritative Powerdns 3.4.1 (including) 3.4.1 (including)
Authoritative Powerdns 3.4.3 (including) 3.4.3 (including)
Pdns Ubuntu lucid *
Pdns Ubuntu trusty *
Pdns Ubuntu upstream *
Pdns Ubuntu utopic *
Pdns Ubuntu vivid *
Pdns-recursor Ubuntu lucid *
Pdns-recursor Ubuntu trusty *
Pdns-recursor Ubuntu upstream *
Pdns-recursor Ubuntu utopic *
Pdns-recursor Ubuntu vivid *

References