Memory Leak Vulnerability in PowerDNS Authoritative Server and Recursor
CVE-2018-10851

5.3MEDIUM

Key Information:

Vendor

The Powerdns Project

Status
Pdns
Pdns-recursor
Vendor
CVE Published:
29 November 2018

What is CVE-2018-10851?

PowerDNS Authoritative Server versions 3.3.0 through 4.1.4 and PowerDNS Recursor versions 3.2 through 4.1.4 are susceptible to a memory leak vulnerability. This issue arises during the parsing of malformed DNS records, which can lead to exhaustion of system memory. Attackers can exploit this vulnerability remotely, potentially resulting in a denial of service, affecting the availability and performance of the DNS service. Immediate updates to the latest versions are recommended to mitigate this threat.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

Affected Version(s)

pdns 3.3.0 to 4.1.4, excluding 4.1.5 and 4.0.6

pdns-recursor 3.2 to 4.1.4, excluding 4.1.5 and 4.0.9

References

https://doc.powerdns.com/recursor/security-advisories/pow...
x_refsource_CONFIRM
https://doc.powerdns.com/authoritative/security-advisorie...
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851
x_refsource_CONFIRM

CVSS V3.1

Score:
5.3
Severity:
MEDIUM
Confidentiality:
None
Integrity:
None
Availability:
None
Attack Vector:
Network
Attack Complexity:
High
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved

JSON
.