CVE-2016-5427

PowerDNS (aka pdns) Authoritative Server before 3.4.10 does not properly handle a . (dot) inside labels, which allows remote attackers to cause a denial of service (backend CPU consumption) via a crafted DNS query.

References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type: GIT
Repo: https://github.com/powerdns/pdns
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

881b5b03a590198d03008e4200dd00cc537712f3

Affected versions

auth-3.*

auth-3.1-rc1

auth-3.1-rc2

auth-3.1-rc3

auth-3.2-rc1

auth-3.2-rc2

auth-3.2-rc3

auth-3.2-rc4

auth-3.3

auth-3.3-rc1

auth-3.3-rc2

auth-3.4.0

auth-3.4.0-rc1

auth-3.4.0-rc2

auth-3.4.1

auth-3.4.2

auth-3.4.3

auth-3.4.4

auth-3.4.5

auth-3.4.6

auth-3.4.7

auth-3.4.8

auth-3.4.9

Other

rec-3-0

rec-3-0-1

rec-3.*

rec-3.0

rec-3.0.1

rec-3.1.4

rec-3.3.1

rec-3.5

rec-3.5-rc1

rec-3.5-rc3

rec-3.5-rc4

rec-3.5-rc5

rec-3.6.0

rec-3.6.0-rc1

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "335073009223727141442546823773627607245",
                    "3325063803919662370807815705681621301",
                    "65566741844457745540789393961208334976",
                    "214802017751245620480022513796026227278"
                ]
            },
            "id": "CVE-2016-5427-20984c56",
            "source": "https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "pdns/dnsparser.hh"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "272098364120668738828264363336242645641",
                "length": 328.0
            },
            "id": "CVE-2016-5427-2d379901",
            "source": "https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "pdns/misc.cc",
                "function": "chopOff"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "323778131826227137046733885077490639136",
                    "240445538914645076535977674075035909806",
                    "283520274824191313494879770423235872527",
                    "53325220884174924959903238627933421749",
                    "224421520498247737712322729298499572388",
                    "93818216059961495475847147166659679151",
                    "6861711156456960504034447273136901951",
                    "317208339759658381996075765955364396799",
                    "253423114992532614861981627913615465549",
                    "307555942684889802314558013562569018113",
                    "158795892569270529885923505314648870425",
                    "164183774241103682164887089537365760511",
                    "273595359538434688439511303466560191615",
                    "209004289468925949192202308382117884575",
                    "219640445849104293661265381556335644794",
                    "167739300652219471366787208970070966327",
                    "105861474666818595362880159779047064133",
                    "234629022298806735223125698169096913745",
                    "277411381474638480386129624368964150883",
                    "38244472512904287657046946269019637770",
                    "113881175921520652762034040417574155137",
                    "7663497596635311250949750754532429116"
                ]
            },
            "id": "CVE-2016-5427-86a2e31d",
            "source": "https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "pdns/dnsparser.cc"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "119830926157982529327753721699322374384",
                "length": 430.0
            },
            "id": "CVE-2016-5427-9116589e",
            "source": "https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "pdns/misc.cc",
                "function": "chopOffDotted"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "201494151425687124566229460532178142136",
                "length": 157.0
            },
            "id": "CVE-2016-5427-944c9226",
            "source": "https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "pdns/dnsparser.cc",
                "function": "PacketReader::getLabel"
            },
            "deprecated": false
        },
        {
            "digest": {
                "threshold": 0.9,
                "line_hashes": [
                    "181632328344395220377559472030462807540",
                    "236987670225606885321027315954694042180",
                    "129809260883687853675743250620761616960",
                    "280303859564270144192609114135470779492",
                    "211610218258821069505962204602074386266",
                    "183715558143582153046772273329532446919",
                    "73567258661609742843166467859579400105",
                    "76419677890623618479137435553503771143",
                    "75275836938457648641807021376571378803",
                    "97853206121996420844189532501138666074",
                    "150042922336362238403737705726299700457",
                    "320528092379479898763862348487686027264",
                    "149885393657184090717334775657689669797",
                    "283952187599417710362975471129640852815",
                    "93770744145712523750298104897171318374",
                    "16303369545357969644039883735816223304",
                    "172255641570987239549280883768092565577",
                    "84103177289257808400351996336977030524",
                    "73928659265986391659906095573856595624",
                    "222618908864331382869796708820327693120",
                    "73567258661609742843166467859579400105",
                    "76419677890623618479137435553503771143",
                    "75275836938457648641807021376571378803",
                    "97853206121996420844189532501138666074",
                    "150042922336362238403737705726299700457",
                    "221063562770856429103065150410274246939",
                    "261907972103596152924252597753051569543"
                ]
            },
            "id": "CVE-2016-5427-976374fe",
            "source": "https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3",
            "signature_version": "v1",
            "signature_type": "Line",
            "target": {
                "file": "pdns/misc.cc"
            },
            "deprecated": false
        },
        {
            "digest": {
                "function_hash": "58758631302416552483714960344531181482",
                "length": 1167.0
            },
            "id": "CVE-2016-5427-ea933828",
            "source": "https://github.com/powerdns/pdns/commit/881b5b03a590198d03008e4200dd00cc537712f3",
            "signature_version": "v1",
            "signature_type": "Function",
            "target": {
                "file": "pdns/dnsparser.cc",
                "function": "PacketReader::getLabelFromContent"
            },
            "deprecated": false
        }
    ]
}