Candidate: CVE-2016-7068
PublicDate: 2018-09-11 13:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-7068
 https://doc.powerdns.com/md/security/powerdns-advisory-2016-02/
Description:
 An issue has been found in PowerDNS before 3.4.11 and 4.0.2, and PowerDNS
 recursor before 3.7.4 and 4.0.4, allowing a remote, unauthenticated
 attacker to cause an abnormal CPU usage load on the PowerDNS server by
 sending crafted DNS queries, which might result in a partial denial of
 service if the system becomes overloaded. This issue is based on the fact
 that the PowerDNS server parses all records present in a query regardless
 of whether they are needed or even legitimate. A specially crafted query
 containing a large number of records can be used to take advantage of that
 behaviour.
Ubuntu-Description:
Notes:
Bugs:
 https://bugs.launchpad.net/ubuntu/+source/pdns-recursor/+bug/1656931
Priority: low
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]

Patches_pdns:
upstream_pdns: released (4.0.2-1)
precise_pdns: ignored (reached end-of-life)
precise/esm_pdns: DNE (precise was needs-triage)
trusty_pdns: ignored (reached end-of-life)
trusty/esm_pdns: DNE (trusty was needed)
vivid/stable-phone-overlay_pdns: DNE
vivid/ubuntu-core_pdns: DNE
xenial_pdns: ignored (end of standard support, was needed)
yakkety_pdns: ignored (reached end-of-life)
zesty_pdns: ignored (reached end-of-life)
artful_pdns: ignored (reached end-of-life)
bionic_pdns: not-affected (4.0.2-1)
cosmic_pdns: not-affected (4.0.2-1)
disco_pdns: not-affected (4.0.2-1)
eoan_pdns: not-affected (4.0.2-1)
focal_pdns: not-affected (4.0.2-1)
groovy_pdns: not-affected (4.0.2-1)
hirsute_pdns: not-affected (4.0.2-1)
impish_pdns: not-affected (4.0.2-1)
jammy_pdns: not-affected (4.0.2-1)
devel_pdns: not-affected (4.0.2-1)

Patches_pdns-recursor:
upstream_pdns-recursor: released (4.0.4-1)
precise_pdns-recursor: ignored (reached end-of-life)
precise/esm_pdns-recursor: DNE (precise was needs-triage)
trusty_pdns-recursor: released (3.5.3-1ubuntu0.1)
trusty/esm_pdns-recursor: DNE (trusty was released [3.5.3-1ubuntu0.1])
vivid/stable-phone-overlay_pdns-recursor: DNE
vivid/ubuntu-core_pdns-recursor: DNE
xenial_pdns-recursor: ignored (end of standard support, was needed)
yakkety_pdns-recursor: ignored (reached end-of-life)
zesty_pdns-recursor: not-affected (4.0.4-1)
artful_pdns-recursor: not-affected (4.0.4-1)
bionic_pdns-recursor: not-affected (4.0.4-1)
cosmic_pdns-recursor: not-affected (4.0.4-1)
disco_pdns-recursor: not-affected (4.0.4-1)
eoan_pdns-recursor: not-affected (4.0.4-1)
focal_pdns-recursor: not-affected (4.0.4-1)
groovy_pdns-recursor: not-affected (4.0.4-1)
hirsute_pdns-recursor: not-affected (4.0.4-1)
impish_pdns-recursor: not-affected (4.0.4-1)
jammy_pdns-recursor: not-affected (4.0.4-1)
devel_pdns-recursor: not-affected (4.0.4-1)