Vulnerability Name: | CVE-2015-1868 (CCN-102537) | ||||||||||||||||||||||||||||||||||||||||||||||||
Assigned: | 2015-04-23 | ||||||||||||||||||||||||||||||||||||||||||||||||
Published: | 2015-04-23 | ||||||||||||||||||||||||||||||||||||||||||||||||
Updated: | 2016-12-28 | ||||||||||||||||||||||||||||||||||||||||||||||||
Summary: | The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself. | ||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v3 Severity: | 5.3 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L)
| ||||||||||||||||||||||||||||||||||||||||||||||||
CVSS v2 Severity: | 7.8 High (CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C) 5.8 Medium (Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C)
3.7 Low (CCN Temporal CVSS v2 Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C)
| ||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Type: | CWE-399 | ||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerability Consequences: | Denial of Service | ||||||||||||||||||||||||||||||||||||||||||||||||
References: | Source: MITRE Type: CNA CVE-2015-1868 Source: CCN Type: PowerDNS Security Advisory 2015-01 Label decompression bug can cause crashes on specific platforms Source: FEDORA Type: Third Party Advisory FEDORA-2015-7079 Source: FEDORA Type: Third Party Advisory FEDORA-2015-7033 Source: FEDORA Type: Third Party Advisory FEDORA-2015-7057 Source: FEDORA Type: Third Party Advisory FEDORA-2015-7047 Source: FEDORA Type: Third Party Advisory FEDORA-2015-7031 Source: FEDORA Type: Third Party Advisory FEDORA-2015-7018 Source: DEBIAN Type: UNKNOWN DSA-3306 Source: DEBIAN Type: UNKNOWN DSA-3307 Source: BID Type: Third Party Advisory 74306 Source: CCN Type: BID-74306 Multiple PowerDNS Products CVE-2015-1868 Remote Denial of Service Vulnerability Source: SECTRACK Type: Third Party Advisory 1032220 Source: CCN Type: Red Hat Bugzilla Bug 1213377 (CVE-2015-1868) CVE-2015-1868 pdns: Label decompression bug in PowerDNS can cause crashes on specific platforms Source: XF Type: UNKNOWN powerdns-cve20151868-dos(102537) Source: CCN Type: WhiteSource Vulnerability Database CVE-2015-1868 | ||||||||||||||||||||||||||||||||||||||||||||||||
Vulnerable Configuration: | Configuration 1: Configuration 2: Configuration 3: Configuration CCN 1: Denotes that component is vulnerable | ||||||||||||||||||||||||||||||||||||||||||||||||
Oval Definitions | |||||||||||||||||||||||||||||||||||||||||||||||||
| |||||||||||||||||||||||||||||||||||||||||||||||||
BACK |