CVE-2015-5695

6.5MEDIUM

Key Information

Vendor: Openstack
Status: Designate
Vendor: CVE Published:; 31 August 2017

Summary

Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.

CVSS V3.1

Score:

6.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published.
Aug 31, 2017
Vulnerability Reserved.
Jul 28, 2015

Collectors

NVD DatabaseMitre Database