CVE-2015-5470

The label decompression functionality in PowerDNS Recursor before 3.6.4 and 3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x before 3.4.5 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a long name that refers to itself. NOTE: this vulnerability exists because of an incomplete fix for CVE-2015-1868.

Published: Nov 2, 2015
Updated: Apr 13, 2023
CVE: CVE-2015-5470
Severity: High
Exploit:

CVSS v2:

Severity: High
Score: 7.8
AV:N/AC:L/Au:N/C:N/I:N/A:C

CWEs:

CWE-399

Affected Software
References

Software	From	Fixed in
powerdns / authoritative	3.4.1	3.4.1.x
powerdns / authoritative	-	3.3.2.x
powerdns / authoritative	3.4.2	3.4.2.x
powerdns / authoritative	3.4.0	3.4.0.x
powerdns / authoritative	3.4.3	3.4.3.x
powerdns / authoritative	3.4.4	3.4.4.x
powerdns / recursor	3.7.2	3.7.2.x
powerdns / recursor	-	3.6.3.x
powerdns / recursor	3.7.1	3.7.1.x

http://www.openwall.com/lists/oss-security/2015/07/07/6
http://www.openwall.com/lists/oss-security/2015/07/10/8
https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/

Vulnerability Database

289,599

CVE-2015-5470