SB2018110919 - Memory leak in pdns (Alpine package)

Description

This security bulletin contains information about 1 vulnerability.

1) Memory leak (CVE-ID: CVE-2018-10851)

CWE-ID: CWE-401 - Missing release of memory after effective lifetime

CVSSv4: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Clear

The vulnerability allows a remote authenticated attacker to cause DoS condition on the target system.

The vulnerability exists due to memory leak when handling malicious input. A remote attacker can insert a specially crafted record in a zone under his control, send a DNS query for that record, trigger memory leak and cause the service to crash.

Remediation

Install update from vendor's website.

References

• https://git.alpinelinux.org/aports/commit/?id=333ed82593af01cf2a74180b9214c59528fb1e11
• https://git.alpinelinux.org/aports/commit/?id=0ef8821508fe2042c199551d43e728d1af2cde36
• https://git.alpinelinux.org/aports/commit/?id=a5a93e4963f1fa85d07871cbb586e952309b46b5
• https://git.alpinelinux.org/aports/commit/?id=25d9fe89a4cbd43e9f7cc3e4f9c28cf372f28c57
• https://git.alpinelinux.org/aports/commit/?id=43dd52bda87e3f1fd92433e5e9a42273dcdfec51
• https://git.alpinelinux.org/aports/commit/?id=08ec10f083f3eb9549ad5efb4acdbe2c313bc4c2
• https://git.alpinelinux.org/aports/commit/?id=a82df6a94c042f4bf27b6d162cda7fb7d7f513b5
• https://git.alpinelinux.org/aports/commit/?id=d4b0f51ac1e8c9d50821593f4982da6bdb1c68a5
• https://git.alpinelinux.org/aports/commit/?id=0756f3f95a7b96bfe212a78d42d64da35b03a78a
• https://git.alpinelinux.org/aports/commit/?id=2757748db3f9d1beb27dde1298b044cb48fd3edc
• https://git.alpinelinux.org/aports/commit/?id=38a6a429ec5f1bf1ac039294e2692d2f5f9760f5
• https://git.alpinelinux.org/aports/commit/?id=e0ddcae164893e75083138445b2eaf4700047025
• https://git.alpinelinux.org/aports/commit/?id=bf63f1bdf313c1988b026709f085a9c52811b797
• https://git.alpinelinux.org/aports/commit/?id=943fe828eb474fd0c86ec357c79b053b6b7c469a