CVE-2015-1868
Published: 18 May 2015
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
Notes
| Author | Note |
|---|---|
| mdeslaur | 3.2+ pdns only, 3.5+ recursor only |
Priority
Status
| Package | Release | Status |
|---|---|---|
|
pdns Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Not vulnerable
(3.0-1.1ubuntu1)
|
|
| trusty |
Released
(3.3-2ubuntu0.1)
|
|
| upstream |
Released
(3.4.4)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Ignored
(end of life)
|
|
| wily |
Not vulnerable
(3.4.5-1)
|
|
| xenial |
Not vulnerable
(3.4.5-1)
|
|
| yakkety |
Not vulnerable
(3.4.5-1)
|
|
|
pdns-recursor Launchpad, Ubuntu, Debian |
lucid |
Ignored
(end of life)
|
| precise |
Not vulnerable
(3.3-2)
|
|
| trusty |
Released
(3.5.3-1ubuntu0.1)
|
|
| upstream |
Released
(3.6.3,3.7.2)
|
|
| utopic |
Ignored
(end of life)
|
|
| vivid |
Released
(3.6.2-2+deb8u2build0.15.04.1)
|
|
| wily |
Not vulnerable
(3.7.3-1)
|
|
| xenial |
Not vulnerable
(3.7.3-1)
|
|
| yakkety |
Not vulnerable
(3.7.3-1)
|