CVE-2018-10851
published 2018-11-29CVE-2018-10851: PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a…
high7.5CVSS 3.0
AVNACLPRNUINSUCNINAH
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pdns | < pdns 4.1.5-1 (bookworm) | pdns 4.1.5-1 (bookworm) |
| debian | pdns-recursor | < pdns 4.1.5-1 (bookworm) | pdns 4.1.5-1 (bookworm) |
| open-xchange | pdns | >= 0 < 4.1.5-1 | 4.1.5-1 |
| open-xchange | pdns | >= 0 < 4.1.5-1 | 4.1.5-1 |
| open-xchange | pdns | >= 0 < 4.1.5-1 | 4.1.5-1 |
| open-xchange | pdns | >= 0 < 4.1.5-1 | 4.1.5-1 |
| open-xchange | pdns | >= 0 < 4.0.0~alpha2-3ubuntu0.1~esm1 | 4.0.0~alpha2-3ubuntu0.1~esm1 |
| open-xchange | pdns | >= 0 < 4.1.1-1ubuntu0.1~esm1 | 4.1.1-1ubuntu0.1~esm1 |
| open-xchange | pdns | >= 0 < 4.2.1-1ubuntu0.1~esm1 | 4.2.1-1ubuntu0.1~esm1 |
| open-xchange | pdns | >= 0 < 4.5.3-1ubuntu0.1~esm1 | 4.5.3-1ubuntu0.1~esm1 |
| powerdns | authoritative | 3.3 – 4.1.4 | — |
| powerdns | recursor | 3.2 – 4.1.4 | — |
| the_powerdns_project | pdns | — | — |
| the_powerdns_project | pdns-recursor | — | — |
| the_powerdns_project | pdns-recursor | >= 0 < 4.1.7-1 | 4.1.7-1 |
| the_powerdns_project | pdns-recursor | >= 0 < 4.1.7-1 | 4.1.7-1 |
| the_powerdns_project | pdns-recursor | >= 0 < 4.1.7-1 | 4.1.7-1 |
| the_powerdns_project | pdns-recursor | >= 0 < 4.1.7-1 | 4.1.7-1 |
CVSS provenance
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.8HIGH