CVE-2015-1868Authoritative vulnerability

CWE-39912 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.5%
top 33.73%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
4
Open-xchange PdnsFedoraproject FedoraPowerdns Authoritative+1 more
Timeline
PublishedMay 18
Latest updateMay 17

Description

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9

Affected Packages3 packages

NVDpowerdns/authoritative7 versions+6
NVDpowerdns/recursor9 versions+8
Debianopen-xchange/pdns< 3.4.4-1+3

Also affects: Fedora 20, 21, 22

🔴Vulnerability Details

3
GHSA
GHSA-9r88-88v4-3j6c: The label decompression functionality in PowerDNS Recursor 32022-05-17
CVEList
CVE-2015-1868: The label decompression functionality in PowerDNS Recursor 32015-05-18
OSV
CVE-2015-1868: The label decompression functionality in PowerDNS Recursor 32015-05-18

📋Vendor Advisories

1
Debian
CVE-2015-1868: pdns - The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3...2015

💬Community

7
Bugzilla
CVE-2015-5470 pdns-recursor: pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix) [fedora-all]2015-07-13
Bugzilla
CVE-2015-5470 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix) [fedora-all]2015-07-13
Bugzilla
CVE-2015-5470 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix) [epel-all]2015-07-13
Bugzilla
CVE-2015-5470 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix)2015-07-13
Bugzilla
CVE-2015-5470 pdns-recursor: pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix) [epel-all]2015-07-13
CVE-2015-1868 — Powerdns Authoritative vulnerability | cvebase