CVE-2015-5695

CWE-400 — Uncontrolled Resource Consumption CWE-8358 documents7 sources

Severity

6.5MEDIUM

EPSS

2.4%

top 14.83%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openstack Designate

Timeline

PublishedAug 31

Latest updateMay 17

Description

Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages2 packages

▶NVDopenstack/designate1.0.0.0b1, 1.0.0a0, 2015.1.0+2

▶Debiandesignate< 2015.1.0+2015.08.26.git34.9fa07c5798-1+3

Patches

Patch: lists.openstack.org ↗Patch: launchpadlibrarian.net ↗Patch: lists.openstack.org ↗

🔴Vulnerability Details

OSV

Designate mDNS DoS through incorrect handling of large RecordSets↗2022-05-17

▶

GHSA

Designate mDNS DoS through incorrect handling of large RecordSets↗2022-05-17

▶

CVEList

CVE-2015-5695: Designate 2015↗2017-08-31

▶

OSV

CVE-2015-5695: Designate 2015↗2017-08-31

▶

📋Vendor Advisories

Red Hat

openstack-designate: Infinite loop with large resource record sets↗2015-07-28

▶

Debian

CVE-2015-5695: designate - Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enfo...↗2015

▶

💬Community

Bugzilla

CVE-2015-5695 openstack-designate: Infinite loop with large resource record sets↗2015-07-21

▶