Detections
Analytics

CVE-2015-1868

high

Description

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

References

http://www.securitytracker.com/id/1032220

http://www.securityfocus.com/bid/74306

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html

http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html

http://www.debian.org/security/2015/dsa-3307

http://www.debian.org/security/2015/dsa-3306

Details

Source: Mitre, NVD

Published: 2015-05-18

Updated: 2025-04-12

Risk Information

CVSS v2

Base Score: 7.8

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C

Severity: High

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.55305