CVE-2015-5694

CWE-8357 documents6 sources
Severity
6.5MEDIUM
EPSS
0.9%
top 24.43%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
3
Debian Debian LinuxOpenstack DesignateRedhat Enterprise Linux Openstack Platform
Timeline
PublishedNov 22
Latest updateMay 24

Description

Designate does not enforce the DNS protocol limit concerning record set sizes

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

Debiandesignate< 2015.1.0+2015.08.26.git34.9fa07c5798-1+3
NVDopenstack/designate1.0.0, 1.0.0.0, 2015.1.0+2

Also affects: Debian Linux 10.0, 8.0, 9.0

🔴Vulnerability Details

4
OSV
Designate does not enforce the DNS protocol limit concerning record set sizes2022-05-24
GHSA
Designate does not enforce the DNS protocol limit concerning record set sizes2022-05-24
CVEList
CVE-2015-5694: Designate does not enforce the DNS protocol limit concerning record set sizes2019-11-22
OSV
CVE-2015-5694: Designate does not enforce the DNS protocol limit concerning record set sizes2019-11-22

📋Vendor Advisories

2
Red Hat
openstack-designate: Infinite loop with large resource record sets2015-07-28
Debian
CVE-2015-5694: designate - Designate does not enforce the DNS protocol limit concerning record set sizes2015
CVE-2015-5694 (MEDIUM CVSS 6.5) | Designate does not enforce the DNS | cvebase.io