CVE-2018-16855: Out-of-bounds Read in Recursor

CWE-125: Out-of-bounds Read | 8 documents | 6 sources
Severity: 7.5 HIGH (NVD)
EPSS: 19.8% (top 4.54%)
CISA KEV: Not in KEV
Exploit: No known exploits
Affected products
Timeline: Published Dec 3 | Latest update May 13

Description

An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.

CVSS vector

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Exploitability: 3.9 | Impact: 3.6

Affected Packages (1 package)

NVD: powerdns/recursor < 4.1.8

🔴 Vulnerability Details (3)

GHSA: GHSA-qx96-6995-fgrp: An issue has been found in PowerDNS Recursor before version 4 (2022-05-13)
OSV: CVE-2018-16855: An issue has been found in PowerDNS Recursor before version 4 (2018-12-03)
CVEList: CVE-2018-16855: An issue has been found in PowerDNS Recursor before version 4 (2018-12-03)

📋 Vendor Advisories (1)

Debian: CVE-2018-16855: pdns-recursor - An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote... (2018)

💬 Community (3)

Bugzilla: CVE-2018-16855 pdns-recursor: Out-of-bounds read with crafted DNS queries [epel-all] (2018-11-28)
Bugzilla: CVE-2018-16855 pdns-recursor: Out-of-bounds read with crafted DNS queries (2018-11-28)
Bugzilla: CVE-2018-16855 pdns-recursor: Out-of-bounds read with crafted DNS queries [fedora-all] (2018-11-28)
CVE-2018-16855 — Out-of-bounds Read in Recursor | cvebase