CVE-2015-5695

NameCVE-2015-5695
DescriptionDesignate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
SourceCVE (at NVD; CERT, LWN, oss-sec, fulldisc, bugtraq, EDB, Metasploit, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, Mageia, GitHub code/issues, web search, more)
NVD severitymedium
Debian Bugs796108

Vulnerable and fixed packages

The table below lists information on source packages.

Source PackageReleaseVersionStatus
designate (PTS)jessie2014.1-18+deb8u1fixed
stretch1:3.0.0-4fixed
buster1:7.0.0-2fixed
bullseye, sid1:9.0.0-2fixed

The information below is based on the following data on fixed versions.

PackageTypeReleaseFixed VersionUrgencyOriginDebian Bugs
designatesource(unstable)2015.1.0+2015.08.26.git34.9fa07c5798-1796108
designatesourceexperimental1:1.0.0~b2-1
designatesourcejessie2014.1-18+deb8u1

Search for package or bug name: Reporting problems