CVE-2018-16855
Published: 2018-12-03
Priority: P3 · 54 · high · 7.5 CVSS 3.0
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 59.47% (99.0th percentile)
An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
Affected
2 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | pdns-recursor | < pdns-recursor 4.1.8-1 (bookworm) | pdns-recursor 4.1.8-1 (bookworm) |
| powerdns | recursor | < 4.1.8 | 4.1.8 |
Detection & IOCs
- Target service is PowerDNS Recursor (pdns-recursor); monitor for unexpected crashes of the recursor process, which may indicate exploitation of the out-of-bounds read via a crafted DNS query against the packet cache hash computation.
- Refer to the official PowerDNS security advisory for technical details and any proof-of-concept indicators that can be used to build detection signatures.
- Only PowerDNS Recursor versions before 4.1.8 are vulnerable; versions 4.1.8 and later are not affected. Confirm the installed version before applying detection logic.
- The vulnerability is triggered remotely over DNS (network-accessible service); no authentication is required, making any exposed pdns-recursor instance a potential target.
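CVSS provenance
| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.0 | 7.5 | HIGH | CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:N/I:N/A:P |
| osv | | 7.5 | HIGH | |
| vendor_debian | | 7.5 | HIGH | |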
GHSA
GHSA-qx96-6995-fgrp · ghsa_unreviewed · 2022-05-13 · [HIGH] · CWE-125
OSV
CVE-2018-16855 · osv · 2018-12-03 · CVSS 7.5 · [HIGH]
Debian
CVE-2018-16855: pdns-recursor · vendor_debian · 2018 · CVSS 7.5 · [HIGH]
Scope: local
bookworm: resolved (fixed in 4.1.8-1)
bullseye: resolved (fixed in 4.1.8-1)
forky: resolved (fixed in 4.1.8-1)
sid: resolved (fixed in 4.1.8-1)
trixie: resolved (fixed in 4.1.8-1)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2018-16855 pdns-recursor: Out-of-bounds read with crafted DNS queries [epel-all]
bugzilla · 2018-11-28 · CVSS 7.5 · [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported ver
Bugzilla
CVE-2018-16855 pdns-recursor: Out-of-bounds read with crafted DNS queries
bugzilla · 2018-11-28 · CVSS 7.5 · [HIGH]
An issue has been found in PowerDNS Recursor where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
External References:
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html
Discussion:
Created pdns-recursor tracking bugs for this issue:
Affects: epel-all [bug 1654233]
---
Created pdns-recursor tracking bugs for this issue:
Affects: fedora-all [bug 1654234]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status o
Bugzilla
CVE-2018-16855 pdns-recursor: Out-of-bounds read with crafted DNS queries [fedora-all]
bugzilla · 2018-11-28 · CVSS 7.5 · [HIGH]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
NOTE: this issue affects multiple supported
Published: 2018-12-03