Vulnerability Details : CVE-2015-1868
The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
Vulnerability category: Denial of service
Products affected by CVE-2015-1868
- cpe:2.3:a:powerdns:recursor:3.5:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.6.0:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.6.1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.6.2:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.6.3:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.5.2:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:recursor:3.5.1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:authoritative:3.2:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:authoritative:3.3:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:authoritative:3.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:authoritative:3.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*
- cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
Threat overview for CVE-2015-1868
Top countries where our scanners detected CVE-2015-1868
Top open port discovered on systems with this issue
53
IPs affected by CVE-2015-1868 1,515
Threat actors abusing to this issue?
Yes
Find out if you* are
affected by CVE-2015-1868!
*Directly or indirectly through your vendors, service providers and 3rd parties.
Powered by
attack surface intelligence
from SecurityScorecard.
Exploit prediction scoring system (EPSS) score for CVE-2015-1868
4.55%
Probability of exploitation activity in the next 30 days
EPSS Score History
~ 91 %
Percentile, the proportion of vulnerabilities that are scored at or less
CVSS scores for CVE-2015-1868
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
7.8
|
HIGH | AV:N/AC:L/Au:N/C:N/I:N/A:C |
10.0
|
6.9
|
NIST |
CWE ids for CVE-2015-1868
-
Assigned by: nvd@nist.gov (Primary)
References for CVE-2015-1868
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156655.html
[SECURITY] Fedora 22 Update: pdns-recursor-3.7.2-1.fc22Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156680.html
[SECURITY] Fedora 21 Update: pdns-3.4.4-1.fc21Third Party Advisory
-
http://www.securitytracker.com/id/1032220
PowerDNS Label Decompression Bug Lets Remote Users Deny Service - SecurityTrackerThird Party Advisory
-
http://www.debian.org/security/2015/dsa-3306
Debian -- Security Information -- DSA-3306-1 pdns
-
http://www.debian.org/security/2015/dsa-3307
Debian -- Security Information -- DSA-3307-1 pdns-recursor
-
http://www.securityfocus.com/bid/74306
Multiple PowerDNS Products CVE-2015-1868 Remote Denial of Service VulnerabilityThird Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156743.html
[SECURITY] Fedora 22 Update: pdns-3.4.4-1.fc22Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156648.html
[SECURITY] Fedora 20 Update: pdns-recursor-3.7.2-1.fc20Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156667.html
[SECURITY] Fedora 20 Update: pdns-3.3.1-3.fc20Third Party Advisory
-
http://lists.fedoraproject.org/pipermail/package-announce/2015-April/156725.html
[SECURITY] Fedora 21 Update: pdns-recursor-3.7.2-1.fc21Third Party Advisory
Jump to