CVE-2015-1868

Name: CVE-2015-1868
Description: The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
Source: CVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severity: high

Vulnerable and fixed packages

The table below lists information on source packages.

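| Source Package | Release | Version | Status |
|---|---|---|---|
| pdns (PTS) | stretch (security), stretch | 4.0.3-1+deb9u5 | fixed |
| pdns | buster | 4.1.6-3+deb10u1 | fixed |
| pdns | bullseye | 4.4.1-1 | fixed |
| pdns | bookworm, sid | 4.4.1-3 | fixed |
| pdns-recursor (PTS) | buster, buster (security) | 4.1.11-1+deb10u1 | fixed |
| pdns-recursor | bookworm, bullseye | 4.4.2-3 | fixed |
| pdns-recursor | sid | 4.5.5-1 | fixed |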

The information below is based on the following data on fixed versions.

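| Package | Type | Release | Fixed Version | Urgency | Origin | Debian Bugs |
|---|---|---|---|---|---|---|
| pdns | source | squeeze | (not affected) | | | |
| pdns | source | wheezy | (not affected) | | | |
| pdns | source | jessie | 3.4.1-4+deb8u1 | | | |
| pdns | source | (unstable) | 3.4.4-1 | | | |
| pdns-recursor | source | squeeze | (not affected) | | | |
| pdns-recursor | source | wheezy | (not affected) | | | |
| pdns-recursor | source | jessie | 3.6.2-2+deb8u1 | | | |
| pdns-recursor | source | (unstable) | 3.7.2-1 | | | |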

Notes

[wheezy] - pdns <not-affected> (3.2 and up affected)
[squeeze] - pdns <not-affected> (3.2 and up affected)
[wheezy] - pdns-recursor <not-affected> (3.5 and up affected)
[squeeze] - pdns-recursor <not-affected> (3.5 and up affected)
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/
