CVE-2015-5470 — Authoritative vulnerability
10 documents6 sources
Severity
7.8HIGHNVD
EPSS
0.0%
top 99.58%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
PublishedNov 2
Latest updateMay 17
Description
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.
CVSS vector
AV:N/AC:L/C:N/I:N/A:CExploitability: 10.0 | Impact: 6.9
Affected Packages3 packages
Patches
🔴Vulnerability Details
3GHSA
▶
CVEList
▶
📋Vendor Advisories
1Debian▶
CVE-2015-5470: pdns - The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7....↗2015
💬Community
5Bugzilla▶
CVE-2015-5470 pdns-recursor: pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix) [fedora-all]↗2015-07-13
Bugzilla▶
CVE-2015-5470 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix) [fedora-all]↗2015-07-13
Bugzilla▶
CVE-2015-5470 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix) [epel-all]↗2015-07-13
Bugzilla▶
CVE-2015-5470 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix)↗2015-07-13
Bugzilla▶
CVE-2015-5470 pdns-recursor: pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms (incomplete CVE-2015-1868 fix) [epel-all]↗2015-07-13