CVE-2015-5470
published 2015-11-02CVE-2015-5470: The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before…
high7.8CVSS 3.1
AVNACLAuNCNINAC
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.
Affected
15 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pdns | < pdns 3.4.5-1 (bookworm) | pdns 3.4.5-1 (bookworm) |
| debian | pdns-recursor | < pdns 3.4.5-1 (bookworm) | pdns 3.4.5-1 (bookworm) |
| open-xchange | pdns | >= 0 < 3.4.5-1 | 3.4.5-1 |
| open-xchange | pdns | >= 0 < 3.4.5-1 | 3.4.5-1 |
| open-xchange | pdns | >= 0 < 3.4.5-1 | 3.4.5-1 |
| open-xchange | pdns | >= 0 < 3.4.5-1 | 3.4.5-1 |
| powerdns | authoritative | <= 3.3.2 | — |
| powerdns | authoritative | — | — |
| powerdns | authoritative | — | — |
| powerdns | authoritative | — | — |
| powerdns | authoritative | — | — |
| powerdns | authoritative | — | — |
| powerdns | recursor | <= 3.6.3 | — |
| powerdns | recursor | — | — |
| powerdns | recursor | — | — |
CVSS provenance
nvd7.8HIGHAV:N/AC:L/Au:N/C:N/I:N/A:C
osv7.8HIGH