Denial of Service Vulnerability in PowerDNS Recursor and Authoritative Server
CVE-2015-5470

Currently unrated

Key Information:

Vendor: Powerdns
Status: Authoritative
Vendor: CVE Published:; 2 November 2015

Summary

The label decompression feature in both the PowerDNS Recursor and Authoritative Server versions prior to specified releases is susceptible to a denial of service attack. By sending a specially crafted request containing a long self-referential name, remote attackers can initiate excessive CPU usage or cause the server to crash. This vulnerability arises from an incomplete resolution of a prior security issue (CVE-2015-1868), highlighting the importance of maintaining updated software versions to mitigate such risks.

References

https://doc.powerdns.com/md/security/powerdns-advisory-20...

x_refsource_CONFIRM

http://www.openwall.com/lists/oss-security/2015/07/10/8

mailing-listx_refsource_MLIST

http://www.openwall.com/lists/oss-security/2015/07/07/6

mailing-listx_refsource_MLIST

Timeline

Vulnerability published
Nov 2, 2015
Vulnerability Reserved
Jul 10, 2015