CVE-2018-14626

Name	CVE-2018-14626
Description	PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.
Source	CVE (at NVD; CERT, ENISA, LWN, oss-sec, fulldisc, Debian ELTS, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
Debian Bugs	913162, 913163

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
pdns (PTS)	bullseye	4.4.1-1	fixed
	bookworm	4.7.3-2	fixed
	trixie	4.9.7-1	fixed
	forky, sid	5.0.1-1	fixed
pdns-recursor (PTS)	bullseye	4.4.2-3	fixed
	bookworm (security), bookworm	4.8.8-1+deb12u1	fixed
	trixie	5.2.4-2	fixed
	trixie (security)	5.2.6-0+deb13u1	fixed
	forky, sid	5.3.1-1	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Debian Bugs
pdns	source	jessie	(not affected)
pdns	source	stretch	(not affected)
pdns	source	(unstable)	4.1.5-1	913163
pdns-recursor	source	jessie	(not affected)
pdns-recursor	source	stretch	4.0.4-1+deb9u4
pdns-recursor	source	(unstable)	4.1.7-1	913162

Notes

[stretch] - pdns <not-affected> (Vulnerable code present only in >=  4.1.0)
[jessie] - pdns <not-affected> (Vulnerable code not present)
[jessie] - pdns-recursor <not-affected> (Vulnerable code not present)
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-05.html
Patches: https://downloads.powerdns.com/patches/2018-05/
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-06.html
Patches: https://downloads.powerdns.com/patches/2018-06/