Candidate: CVE-2018-10851 PublicDate: 2018-11-29 18:29:00 UTC References: https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-10851 https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html https://downloads.powerdns.com/patches/2018-03/ https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html https://downloads.powerdns.com/patches/2018-04/ Description: PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service. Ubuntu-Description: Notes: Bugs: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913163 http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=913162 Priority: medium Discovered-by: Assigned-to: CVSS: nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH] Patches_pdns: upstream_pdns: needs-triage precise/esm_pdns: DNE trusty_pdns: ignored (reached end-of-life) trusty/esm_pdns: DNE (trusty was needs-triage) xenial_pdns: ignored (end of standard support, was needs-triage) bionic_pdns: needs-triage cosmic_pdns: ignored (reached end-of-life) disco_pdns: ignored (reached end-of-life) eoan_pdns: ignored (reached end-of-life) focal_pdns: needs-triage groovy_pdns: ignored (reached end-of-life) hirsute_pdns: ignored (reached end-of-life) impish_pdns: needs-triage jammy_pdns: needs-triage devel_pdns: needs-triage Patches_pdns-recursor: upstream_pdns-recursor: released (4.1.7-1) precise/esm_pdns-recursor: DNE trusty_pdns-recursor: ignored (reached end-of-life) trusty/esm_pdns-recursor: DNE (trusty was needs-triage) xenial_pdns-recursor: ignored (end of standard support, was needs-triage) bionic_pdns-recursor: needs-triage cosmic_pdns-recursor: ignored (reached end-of-life) disco_pdns-recursor: ignored (reached end-of-life) eoan_pdns-recursor: not-affected (4.2.0-6) focal_pdns-recursor: not-affected (4.2.0-6) groovy_pdns-recursor: not-affected (4.2.0-6) hirsute_pdns-recursor: not-affected (4.2.0-6) impish_pdns-recursor: not-affected (4.2.0-6) jammy_pdns-recursor: not-affected (4.2.0-6) devel_pdns-recursor: not-affected (4.2.0-6)