VYPR
Get started
← All advisories
Unrated severityNVD Advisory· Published May 18, 2015· Updated May 6, 2026

CVE-2015-1868

CVE-2015-1868

Description

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.

Affected products

19
  • PowerDNS/Authoritative7 versions
    cpe:2.3:a:powerdns:authoritative:3.3.1:*:*:*:*:*:*:*+ 6 more
    • cpe:2.3:a:powerdns:authoritative:3.3.1:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:authoritative:3.3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:authoritative:3.2:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:authoritative:3.3:*:*:*:*:*:*:*
  • Fedoraproject/Fedora3 versions
    cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*+ 2 more
    • cpe:2.3:o:fedoraproject:fedora:20:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:21:*:*:*:*:*:*:*
    • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • PowerDNS/Recursor9 versions
    cpe:2.3:a:powerdns:recursor:3.5:*:*:*:*:*:*:*+ 8 more
    • cpe:2.3:a:powerdns:recursor:3.5:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:recursor:3.5.1:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:recursor:3.5.2:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:recursor:3.5.3:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:recursor:3.6.0:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:recursor:3.6.1:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:recursor:3.6.2:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:recursor:3.6.3:*:*:*:*:*:*:*
    • cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*

Patches

0

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

10

News mentions

0

No linked articles in our index yet.