Vulnerability CVE-2018-10851: Information

Description

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

Severity: HIGH (7.5) Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2018-10851
Published: Nov. 29, 2018
Modified: Oct. 10, 2019
Error type identifier: CWE-772

Fixed packages

Package name
Branch
Fixed in version
Version from repository
Errata ID
Task #
State
pdnssisyphus4.2.1-alt14.8.4-alt1ALT-PU-2020-1325-1246815Fixed
pdnsp104.2.1-alt14.8.4-alt0.p10ALT-PU-2020-1325-1246815Fixed
pdnsp94.2.1-alt14.2.2-alt4.1ALT-PU-2020-1407-1246979Fixed
pdnsc10f14.2.1-alt14.6.3-alt2ALT-PU-2020-1325-1246815Fixed
pdnsc9f24.2.1-alt14.2.2-alt4.1ALT-PU-2020-1407-1246979Fixed

References to Advisories, Solutions, and Tools

Hyperlink
Resource
https://doc.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-04.html
  • Vendor Advisory
https://doc.powerdns.com/authoritative/security-advisories/powerdns-advisory-2018-03.html
  • Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-10851
  • Issue Tracking
  • Third Party Advisory

    1. Configuration 1

      cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*
      Start including
      3.2
      End including
      4.1.4
      cpe:2.3:a:powerdns:authoritative:*:*:*:*:*:*:*:*
      Start including
      3.3
      End including
      4.1.4
VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
Version: v24.4.2
Back to top