Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2015-5470

Опубликовано: 02 нояб. 2015
Источник: debian
EPSS Низкий

Описание

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
pdnsfixed3.4.5-1package
pdnsnot-affectedwheezypackage
pdnsnot-affectedsqueezepackage
pdns-recursorfixed3.7.3-1package
pdns-recursornot-affectedwheezypackage
pdns-recursornot-affectedsqueezepackage

Примечания

  • https://www.openwall.com/lists/oss-security/2015/07/07/6

  • https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

  • Patch: http://downloads.powerdns.com/patches/2015-01/rec-3.7.2.patch

EPSS

Процентиль: 84%
0.02321
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2015-5470

ubuntu
больше 10 лет назад

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.

nvd логотип

CVE-2015-5470

nvd
больше 10 лет назад

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.

github логотип

GHSA-vh8j-jj36-28wq

github
больше 3 лет назад

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.

EPSS

Процентиль: 84%
0.02321
Низкий