Published: 29/11/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns recursor
powerdns authoritative

Debian Bug report logs - #913162 CVE-2018-10851 CVE-2018-14626 CVE-2018-14644 Package: pdns-recursor; Maintainer for pdns-recursor is pdns-recursor packagers <pdns-recursor@packagesdebianorg>; Source for pdns-recursor is src:pdns-recursor (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: ...

An issue has been found in PowerDNS Authoritative Server before 415 and PowerDNS Recursor before 415 The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed In the authoritative server case, it allows an authorized user to cause a memory leak by inserting a s ...

CWE-772 https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162 https://nvd.nist.gov https://security.archlinux.org/CVE-2018-10851

CVE-2018-10851

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect