ID CVE-2018-10851
Summary PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.
References
Vulnerable Configurations
  • cpe:2.3:a:powerdns:authoritative:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.3.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.5:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.6:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.7:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.8:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.9:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.9:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.10:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.10:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.4.11:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.4.11:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.6.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.6.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.7.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.7.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.7.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.7.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:3.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:3.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.0:alpha2:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.0:alpha2:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.0:alpha3:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.0:alpha3:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.0:beta1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.0:beta1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.4:rc1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.4:rc1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.5:rc1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.5:rc1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.5:rc2:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.5:rc2:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:authoritative:4.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:authoritative:4.1.4:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.5:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.5:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.5.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.5.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.5.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.5.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.5.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.6.0:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.6.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.6.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.6.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.6.4:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.7.0:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.7.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.7.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:3.7.4:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:3.7.4:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.0:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.0:-:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.0:-:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.4:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.4:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.5:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.5:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.6:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.6:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.7:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.7:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.0.8:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.0.8:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.0:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.0:-:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.0:-:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.0:alpha1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.0:alpha1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.0:rc1:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.0:rc1:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.0:rc2:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.0:rc2:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.1:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.2:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.3:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:powerdns:recursor:4.1.4:*:*:*:*:*:*:*
    cpe:2.3:a:powerdns:recursor:4.1.4:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 09-10-2019 - 23:33)
Impact:
Exploitability:
CWE CWE-772
CAPEC
  • HTTP DoS
    An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
NONE NONE PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
refmap via4
confirm
Last major update 09-10-2019 - 23:33
Published 29-11-2018 - 18:29
Last modified 09-10-2019 - 23:33
Back to Top