Metric | Value |
---|---|
CVSS2 score | 7.8 High |
Attack Vector | NETWORK |
Attack Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | COMPLETE |
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:N/A:C |
EPSS score | 0.045 Low |
EPSS percentile | 92.5% |

The label decompression functionality in PowerDNS Recursor before 3.6.4 and
3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x
before 3.4.5 allows remote attackers to cause a denial of service (CPU
consumption or crash) via a request with a long name that refers to itself.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2015-1868.
Author | Note |
---|---|
mdeslaur | incomplete fix for CVE-2015-1868 only affected pdns 3.2+ and pdns-recursor 3.5+ |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 14.04 | noarch | pdns-recursor | < 3.5.3-1ubuntu0.1 | UNKNOWN |
ubuntu | 15.04 | noarch | pdns-recursor | < 3.6.2-2+deb8u2build0.15.04.1 | UNKNOWN |
downloads.powerdns.com/patches/2015-01/
www.openwall.com/lists/oss-security/2015/07/07/6
doc.powerdns.com/md/security/powerdns-advisory-2015-01/
launchpad.net/bugs/cve/CVE-2015-5470
nvd.nist.gov/vuln/detail/CVE-2015-5470
security-tracker.debian.org/tracker/CVE-2015-5470
www.cve.org/CVERecord?id=CVE-2015-5470