CVE-2018-16855

CVE-2018-16855

Name

CVE-2018-16855

Description

An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.

NVD Severity

medium

Other trackers

CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia

Mailing lists

oss-security, full-disclosure, bugtraq

Exploits

Exploit DB, Metasploit

Forges

GitHub (code, issues), Aports (code, issues)

Type	URI
Vendor Advisory	https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html
Issue Tracking	https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855

Type

URI

Vendor Advisory

https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html

Issue Tracking

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-16855

CPE URI	Source package	Min version	Max version
`cpe:2.3:a:powerdns:recursor::::::::`	recursor	>= None	< 4.1.8

CPE URI

Source package

Min version

Max version

cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*

recursor

>= None

< 4.1.8

Vulnerable and fixed packages

Source package	Branch	Version	Maintainer	Status
pdns-recursor	edge-community	4.1.8-r0	None	fixed
pdns-recursor	3.22-community	4.1.8-r0	None	fixed
pdns-recursor	3.21-community	4.1.8-r0	None	fixed
pdns-recursor	3.20-community	4.1.8-r0	None	fixed
pdns-recursor	3.19-community	4.1.8-r0	None	fixed
pdns-recursor	3.18-community	4.1.8-r0	None	fixed
pdns-recursor	3.17-community	4.1.8-r0	None	fixed

Source package

Branch

Version

Maintainer

Status

pdns-recursor

edge-community

4.1.8-r0

None

fixed

pdns-recursor

3.22-community