Memory Leak Vulnerability in PowerDNS Authoritative Server and Recursor
CVE-2018-10851

5.3MEDIUM

Key Information:

Vendor
The Powerdns Project
Status
Pdns
Pdns-recursor
Vendor
CVE Published:
29 November 2018

Summary

PowerDNS Authoritative Server versions 3.3.0 through 4.1.4 and PowerDNS Recursor versions 3.2 through 4.1.4 are susceptible to a memory leak vulnerability. This issue arises during the parsing of malformed DNS records, which can lead to exhaustion of system memory. Attackers can exploit this vulnerability remotely, potentially resulting in a denial of service, affecting the availability and performance of the DNS service. Immediate updates to the latest versions are recommended to mitigate this threat.

Affected Version(s)

pdns 3.3.0 to 4.1.4, excluding 4.1.5 and 4.0.6

pdns-recursor 3.2 to 4.1.4, excluding 4.1.5 and 4.0.9

References

https://doc.powerdns.com/recursor/security-advisories/pow...
x_refsource_CONFIRM
https://doc.powerdns.com/authoritative/security-advisorie...
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.