CVE-2014-8601 — Out-of-bounds Read in Recursor

CWE-399 CWE-125 — Out-of-bounds Read CWE-121 — Stack-based Buffer Overflow11 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

0.8%

top 26.64%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Powerdns Recursor Debian Linux

Timeline

PublishedDec 10

Latest updateMay 17

Description

PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows remote attackers to cause a denial of service ("performance degradations") via a large or infinite number of referrals, as demonstrated by resolving domains hosted by ezdns.it.

CVSS vector

AV:N/AC:L/C:N/I:N/A:PExploitability: 10.0 | Impact: 2.9

Affected Packages1 packages

▶NVDpowerdns/recursor3.6.1

Also affects: Debian Linux 7.0

🔴Vulnerability Details

GHSA

GHSA-cmfg-cqcc-qpqf: PowerDNS Recursor before 3↗2022-05-17

▶

OSV

CVE-2014-8601: PowerDNS Recursor before 3↗2014-12-10

▶

CVEList

CVE-2014-8601: PowerDNS Recursor before 3↗2014-12-10

▶

📋Vendor Advisories

Red Hat

php: xmlrpc ISO8601 date format parsing buffer overflow↗2014-11-05

▶

Red Hat

php: xmlrpc ISO8601 date format parsing out-of-bounds read in mkgmtime()↗2014-10-14

▶

Debian

CVE-2014-8601: pdns-recursor - PowerDNS Recursor before 3.6.2 does not limit delegation chaining, which allows ...↗2014

▶

💬Community

Bugzilla

CVE-2014-8601 pdns-recursor: pdns: denial of service via specially crafted domain names [epel-all]↗2014-12-09

▶

Bugzilla

CVE-2014-8601 pdns: denial of service via specially crafted domain names↗2014-12-09

▶

Bugzilla

CVE-2014-8601 pdns-recursor: pdns: denial of service via specially crafted domain names [fedora-all]↗2014-12-09

▶