The label decompression functionality in PowerDNS Recursor prior to 3.6.4 and 3.7.x prior to 3.7.3 and Authoritative (Auth) Server prior to 3.3.3 and 3.4.x prior to 3.4.5 allows remote malicious users to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.
Vulnerable Product | Search on Vulmon | Subscribe to Product |
---|---|---|
powerdns authoritative |
||
powerdns authoritative 3.4.1 |
||
powerdns authoritative 3.4.2 |
||
powerdns authoritative 3.4.3 |
||
powerdns authoritative 3.4.4 |
||
powerdns authoritative 3.4.0 |
||
powerdns recursor |
||
powerdns recursor 3.7.2 |
||
powerdns recursor 3.7.1 |