CVE-2015-5470
02.11.2015, 19:59
The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.Enginsight
| Vendor | Product | Version |
|---|---|---|
| powerdns | authoritative | 𝑥 ≤ 3.3.2 |
| powerdns | authoritative | 3.4.0 |
| powerdns | authoritative | 3.4.1 |
| powerdns | authoritative | 3.4.2 |
| powerdns | authoritative | 3.4.3 |
| powerdns | authoritative | 3.4.4 |
| powerdns | recursor | 𝑥 ≤ 3.6.3 |
| powerdns | recursor | 3.7.1 |
| powerdns | recursor | 3.7.2 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| pdns |
| ||||||||||||||||||||||||
| pdns-recursor |
|
Common Weakness Enumeration
References