CVE-2018-10851 - PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2

CVE-2018-10851

Summary

PowerDNS Authoritative Server 3.3.0 up to 4.1.4 excluding 4.1.5 and 4.0.6, and PowerDNS Recursor 3.2 up to 4.1.4 excluding 4.1.5 and 4.0.9, are vulnerable to a memory leak while parsing malformed records that can lead to remote denial of service.

References

Vulnerable Configurations

cpe:2.3:a:powerdns:authoritative:3.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.6:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.7:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.7:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.8:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.8:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.9:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.9:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.10:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.10:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.11:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.4.11:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:-:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:-:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:alpha2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:alpha3:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:beta1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.4:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.5:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.5:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.5:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:authoritative:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.5.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.5.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.5.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.6.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:3.7.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.0:-:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.0:-:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.5:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.6:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.7:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.0.8:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:-:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:alpha1:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:rc1:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:rc2:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.0:rc3:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.1:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.2:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.3:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.4:*:*:*:*:*:*:*
cpe:2.3:a:powerdns:recursor:4.1.4:*:*:*:*:*:*:*

CVSS

Base:	5.0 (as of 09-10-2019 - 23:33)
Impact:
Exploitability:

CWE

CWE-772

CAPEC

HTTP DoS
An attacker performs flooding at the HTTP level to bring down only a particular web application rather than anything listening on a TCP/IP connection. This denial of service attack requires substantially fewer packets to be sent which makes DoS harder to detect. This is an equivalent of SYN flood in HTTP. The idea is to keep the HTTP session alive indefinitely and then repeat that hundreds of times. This attack targets resource depletion weaknesses in web server software. The web server will wait to attacker's responses on the initiated HTTP sessions while the connection threads are being exhausted.

Access

Vector	Complexity	Authentication
NETWORK	LOW	NONE

Impact

Confidentiality	Integrity	Availability
NONE	NONE	PARTIAL

cvss-vector via4

AV:N/AC:L/Au:N/C:N/I:N/A:P

refmap via4

confirm

Last major update

09-10-2019 - 23:33

Published

29-11-2018 - 18:29

Last modified

09-10-2019 - 23:33