CVE-2018-10851Uncontrolled Resource Consumption in Authoritative

CWE-400Uncontrolled Resource ConsumptionCWE-772Missing Release of Resource after Effective Lifetime12 documents7 sources
Severity
7.5HIGHNVD
CNA5.3OSV7.8
EPSS
0.1%
top 70.89%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
5
Open-xchange PdnsPowerdns AuthoritativePowerdns Recursor+2 more
Timeline
PublishedNov 29
Latest updateJan 14

Description

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages6 packages

NVDpowerdns/recursor3.24.1.4
NVDpowerdns/authoritative3.34.1.4
CVEListV5the_powerdns_project/pdns-recursor3.2 to 4.1.4, excluding 4.1.5 and 4.0.9
CVEListV5the_powerdns_project/pdns3.3.0 to 4.1.4, excluding 4.1.5 and 4.0.6
Debianopen-xchange/pdns< 4.1.5-1+3

🔴Vulnerability Details

4
OSV
pdns, pdns-recursor vulnerabilities2025-01-14
GHSA
GHSA-v52v-2q9p-gp4x: PowerDNS Authoritative Server 32022-05-13
CVEList
CVE-2018-10851: PowerDNS Authoritative Server 32018-11-29
OSV
CVE-2018-10851: PowerDNS Authoritative Server 32018-11-29

📋Vendor Advisories

2
Ubuntu
PowerDNS vulnerabilities2025-01-14
Debian
CVE-2018-10851: pdns - PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and P...2018

💬Community

5
Bugzilla
CVE-2018-10851 pdns-recursor: pdns: Memory leak while parsing malformed records [epel-all]2018-11-12
Bugzilla
CVE-2018-10851: pdns: Memory leak while parsing malformed records [fedora-all]2018-11-12
Bugzilla
CVE-2018-10851 pdns: Memory leak while parsing malformed records [fedora-all]2018-11-12
Bugzilla
CVE-2018-10851 pdns: Memory leak while parsing malformed records [epel-all]2018-11-12
Bugzilla
CVE-2018-10851 pdns: Memory leak while parsing malformed records2018-06-06
CVE-2018-10851 — Uncontrolled Resource Consumption | cvebase