Published: 29/11/2018 Updated: 09/10/2019

CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10

CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9

VMScore: 445

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.

Vulnerable Product	Search on Vulmon	Subscribe to Product
powerdns authoritative
powerdns recursor

Debian Bug report logs - #913162 CVE-2018-10851 CVE-2018-14626 CVE-2018-14644 Package: pdns-recursor; Maintainer for pdns-recursor is pdns-recursor packagers <pdns-recursor@packagesdebianorg>; Source for pdns-recursor is src:pdns-recursor (PTS, buildd, popcon) Reported by: Moritz Muehlenhoff <jmm@debianorg> Date: ...

An issue has been found in PowerDNS Authoritative Server before 415 and PowerDNS Recursor before 415, allowing a remote user to craft a DNS query that will cause an answer without DNSSEC records to be inserted into the packet cache and be returned to clients asking for DNSSEC records, thus hiding the presence of DNSSEC signatures for a specific ...

NVD-CWE-noinfo https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14626 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162 https://nvd.nist.gov https://security.archlinux.org/CVE-2018-14626

CVE-2018-14626

Vulnerability Summary

Vulnerability Trend

Vendor Advisories

References

Vulmon Search

About

Products

Connect