Candidate: CVE-2018-16855
PublicDate: 2018-12-03 14:29:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-16855
 https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html
Description:
 An issue has been found in PowerDNS Recursor before version 4.1.8 where a
 remote attacker sending a DNS query can trigger an out-of-bounds memory
 read while computing the hash of the query for a packet cache lookup,
 possibly leading to a crash.
Ubuntu-Description:
Notes:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H [7.5 HIGH]


Patches_pdns-recursor:
upstream_pdns-recursor: released (4.1.8-1)
precise/esm_pdns-recursor: DNE
trusty_pdns-recursor: not-affected (code not present)
trusty/esm_pdns-recursor: DNE (trusty was not-affected [code not present])
xenial_pdns-recursor: not-affected (code not present)
bionic_pdns-recursor: needed
cosmic_pdns-recursor: ignored (reached end-of-life)
disco_pdns-recursor: released (4.1.8-1)
eoan_pdns-recursor: released (4.1.8-1)
focal_pdns-recursor: released (4.1.8-1)
groovy_pdns-recursor: released (4.1.8-1)
hirsute_pdns-recursor: released (4.1.8-1)
impish_pdns-recursor: released (4.1.8-1)
jammy_pdns-recursor: released (4.1.8-1)
devel_pdns-recursor: released (4.1.8-1)