CVE-2018-10851
EUVD-2018-292029.11.2018, 18:29
PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.Enginsight
Affected Products (NVD)
| Vendor | Product | Version |
|---|---|---|
| powerdns | authoritative | 3.3 ≤ 𝑥 ≤ 4.1.4 |
| powerdns | recursor | 3.2 ≤ 𝑥 ≤ 4.1.4 |
𝑥
= Vulnerable software versions
Debian Releases
Ubuntu Releases
Ubuntu Product | |||||||||||||||||||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
| pdns |
| ||||||||||||||||||||||||||||||
| pdns-recursor |
|
Common Weakness Enumeration
- CWE-400 - Uncontrolled Resource ConsumptionThe software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.
- CWE-772 - Missing Release of Resource after Effective LifetimeThe software does not release a resource after its effective lifetime has ended, i.e., after the resource is no longer needed.
References