CVE-2015-1868

NameCVE-2015-1868
DescriptionThe label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
pdns (PTS)bullseye4.4.1-1fixed
bookworm4.7.3-2fixed
trixie4.9.2-1fixed
sid4.9.3-1fixed
pdns-recursor (PTS)bullseye4.4.2-3fixed
bookworm, bookworm (security)4.8.8-1fixed
sid, trixie5.1.3-1fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
pdnssourcesqueeze(not affected)
pdnssourcewheezy(not affected)
pdnssourcejessie3.4.1-4+deb8u1
pdnssource(unstable)3.4.4-1
pdns-recursorsourcesqueeze(not affected)
pdns-recursorsourcewheezy(not affected)
pdns-recursorsourcejessie3.6.2-2+deb8u1
pdns-recursorsource(unstable)3.7.2-1

Notes

[wheezy] - pdns <not-affected> (3.2 and up affected)
[squeeze] - pdns <not-affected> (3.2 and up affected)
[wheezy] - pdns-recursor <not-affected> (3.5 and up affected)
[squeeze] - pdns-recursor <not-affected> (3.5 and up affected)
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

Search for package or bug name: Reporting problems