CVE-2015-5470

Priority
Description
The label decompression functionality in PowerDNS Recursor before 3.6.4 and
3.7.x before 3.7.3 and Authoritative (Auth) Server before 3.3.3 and 3.4.x
before 3.4.5 allows remote attackers to cause a denial of service (CPU
consumption or crash) via a request with a long name that refers to itself.
NOTE: this vulnerability exists because of an incomplete fix for
CVE-2015-1868.
Notes
mdeslaur: incomplete fix for CVE-2015-1868
only affected pdns 3.2+ and pdns-recursor 3.5+
Package
Source: pdns (LP Ubuntu Debian)
Upstream: released (3.4.5-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was not-affected [3.0-1.1ubuntu1])
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was needed)
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (3.4.5-1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (3.4.5-1)
Ubuntu 19.10 (Eoan Ermine): not-affected (3.4.5-1)
Package
Upstream: released (3.7.3-1)
Ubuntu 12.04 ESM (Precise Pangolin): DNE (precise was not-affected [3.3-2])
Ubuntu 14.04 ESM (Trusty Tahr): DNE (trusty was released [3.5.3-1ubuntu0.1])
Ubuntu 16.04 LTS (Xenial Xerus): not-affected (3.7.3-1)
Ubuntu 18.04 LTS (Bionic Beaver): not-affected (3.7.3-1)
Ubuntu 19.10 (Eoan Ermine): not-affected (3.7.3-1)

Updated: 2020-01-29 19:52:43 UTC (commit 768ceb2fdee6790d707d0f681e1b54916744af1e)