CVE-2015-1868

high

Description

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

References

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html

http://www.debian.org/security/2015/dsa-3306

http://www.debian.org/security/2015/dsa-3307

http://www.securityfocus.com/bid/74306

http://www.securitytracker.com/id/1032220

Details

Source: MITRE

Published: 2015-05-18

Updated: 2016-12-28

Type: CWE-399

Risk Information

CVSS v2

Base Score: 7.8

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Impact Score: 6.9

Exploitability Score: 10

Severity: HIGH