CVE-2018-16855

An issue has been found in PowerDNS Recursor before version 4.1.8 where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.

References

Affected packages

Git / github.com/powerdns/pdns

Affected ranges

Type

GIT

Repo

https://github.com/powerdns/pdns

Events

Introduced

Fixed

e412a949491886c13854587bbd06fa90ceb3a326

Database specific

{
    "extracted_events": [
        {
            "introduced": "0"
        },
        {
            "fixed": "4.1.8"
        }
    ],
    "source": "CPE_FIELD",
    "cpe": "cpe:2.3:a:powerdns:recursor:*:*:*:*:*:*:*:*"
}

Affected versions

auth-3.*

auth-3.1-rc1

auth-3.1-rc2

auth-3.1-rc3

auth-3.2-rc1

auth-3.2-rc2

auth-3.2-rc3

auth-3.2-rc4

auth-3.4.0

auth-3.4.0-rc1

auth-3.4.0-rc2

auth-4.*

auth-4.0.0

auth-4.0.0-alpha1

auth-4.0.0-alpha2

auth-4.0.0-alpha3

auth-4.0.0-beta1

auth-4.0.0-rc1

auth-4.0.0-rc2

auth-4.0.1

auth-4.1.0

auth-4.1.0-rc1

auth-4.1.0-rc2

auth-4.1.0-rc3

dnsdist-1.*

dnsdist-1.0.0

dnsdist-1.0.0-alpha1

dnsdist-1.0.0-alpha2

dnsdist-1.0.0-beta1

dnsdist-1.1.0

dnsdist-1.1.0-beta1

dnsdist-1.1.0-beta2

dnsdist-1.2.0

Other

rec-3-0

rec-3-0-1

rec-3.*

rec-3.0

rec-3.0.1

rec-3.1.4

rec-3.3.1

rec-3.5

rec-3.5-rc1

rec-3.5-rc3

rec-3.5-rc4

rec-3.5-rc5

rec-3.6.0

rec-4.*

rec-4.0.0

rec-4.0.0-alpha1

rec-4.0.0-alpha2

rec-4.0.0-alpha3

rec-4.0.0-beta1

rec-4.0.0-rc1

rec-4.0.1

rec-4.0.2

rec-4.1.0

rec-4.1.0-alpha1

rec-4.1.0-rc1

rec-4.1.0-rc2

rec-4.1.0-rc3

rec-4.1.1

rec-4.1.2

rec-4.1.3

rec-4.1.4

rec-4.1.5

rec-4.1.6

rec-4.1.7

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2018-16855.json"