Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
7.8
CVSSv2

CVE-2015-1868

Published: 18/05/2015 Updated: 28/12/2016
CVSS v2 Base Score: 7.8 | Impact Score: 6.9 | Exploitability Score: 10
VMScore: 694
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C
Subscribe to Authoritative

Vulnerability Summary

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x prior to 3.6.3, and 3.7.x prior to 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x prior to 3.3.2, and 3.4.x prior to 3.4.4 allows remote malicious users to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

Vulnerable Product Search on Vulmon Subscribe to Product

powerdns authoritative 3.2

powerdns authoritative 3.3

powerdns authoritative 3.3.1

powerdns authoritative 3.3.2

powerdns authoritative 3.4.0

powerdns authoritative 3.4.1

powerdns authoritative 3.4.3

fedoraproject fedora 20

fedoraproject fedora 21

fedoraproject fedora 22

powerdns recursor 3.5

powerdns recursor 3.6.0

powerdns recursor 3.6.1

powerdns recursor 3.6.2

powerdns recursor 3.5.3

powerdns recursor 3.6.3

powerdns recursor 3.7.1

powerdns recursor 3.5.2

powerdns recursor 3.5.1

Vendor Advisories

Debian Security Advisories: DSA-3306-1 pdns -- security update
Toshifumi Sakaguchi discovered that the patch applied to pdns, an authoritative DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash) For the stable distribution (jessie), this problem has been fixed in version 341-4+deb8u2 ...
Debian Security Advisories: DSA-3307-1 pdns-recursor -- security update
Toshifumi Sakaguchi discovered that the patch applied to pdns-recursor, a recursive DNS server, fixing CVE-2015-1868, was insufficient in some cases, allowing remote attackers to cause a denial of service (service-affecting CPU spikes and in some cases a crash) For the stable distribution (jessie), this problem has been fixed in version 362-2+de ...

References

CWE-399http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.htmlhttp://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.htmlhttp://www.securitytracker.com/id/1032220http://www.securityfocus.com/bid/74306http://www.debian.org/security/2015/dsa-3307http://www.debian.org/security/2015/dsa-3306https://nvd.nist.govhttps://www.debian.org/security/./dsa-3306
CVSSv3
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2023-38002CVE-2006-4304CVE-2024-4336CVE-2024-33437CVE-2024-4340CVE-2024-27956privilegeinsecure direct object referenceXSSitem search icon">CVE-2024-25938
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook