Resource management error in PowerDNS Recursor and PowerDNS Authoritative - CVE-2015-1868

 


Published: December 28, 2016 / Updated: June 21, 2025


Vulnerability identifier: #VU111724
CSH Severity: Medium
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green
CVE-ID: CVE-2015-1868
CWE-ID: CWE-399
Exploitation vector: Remote access
Exploit availability: No public exploit available
Vendor: PowerDNS.COM B.V.
Affected software:
PowerDNS Recursor
PowerDNS Authoritative

Detailed vulnerability description

The vulnerability allows a remote non-authenticated attacker to perform a denial of service (DoS) attack.

The label decompression functionality in PowerDNS Recursor 3.5.x, 3.6.x before 3.6.3, and 3.7.x before 3.7.2 and Authoritative (Auth) Server 3.2.x, 3.3.x before 3.3.2, and 3.4.x before 3.4.4 allows remote attackers to cause a denial of service (CPU consumption or crash) via a request with a name that refers to itself.
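An added example, not PowerDNS code: a C++ name decoder that rejects the self-referencing names described above by requiring every compression pointer to target a strictly earlier offset. The names `decodeName` and `sampleMessage` and the sample bytes are constructed for illustration.

```cpp
#include <cstdint>
#include <iostream>
#include <optional>
#include <string>
#include <vector>

// Decode the DNS name at `pos`, following RFC 1035 compression pointers.
// Returns std::nullopt on malformed input. Loop defence: each pointer must
// target an offset strictly below the start of the chain being read.
std::optional<std::string> decodeName(const std::vector<uint8_t>& msg, size_t pos) {
    std::string name;
    size_t chainStart = pos;  // start of the label chain currently being read
    size_t wireLen = 0;       // encoded length of the labels collected so far
    for (;;) {
        if (pos >= msg.size()) return std::nullopt;
        const uint8_t len = msg[pos];
        if ((len & 0xC0) == 0xC0) {                        // compression pointer
            if (pos + 1 >= msg.size()) return std::nullopt;
            const size_t target = ((len & 0x3Fu) << 8) | msg[pos + 1];
            if (target >= chainStart) return std::nullopt; // self/forward reference
            chainStart = pos = target;
            continue;
        }
        if (len & 0xC0) return std::nullopt;               // reserved label type
        if (len == 0) break;                               // root label ends the name
        if (pos + 1 + len > msg.size()) return std::nullopt;
        if ((wireLen += 1u + len) > 254) return std::nullopt;  // 255-octet name limit
        name.append(msg.begin() + pos + 1, msg.begin() + pos + 1 + len);
        name.push_back('.');
        pos += 1u + len;
    }
    if (name.empty()) name = ".";
    return name;
}

// Constructed sample: 12 zero header bytes, "example.com." at offset 12,
// "www" + pointer to 12 at offset 25, and a pointer to itself at offset 31.
std::vector<uint8_t> sampleMessage() {
    std::vector<uint8_t> m(12, 0);
    const std::string body = std::string("\x07" "example" "\x03" "com") + '\0' +
                             "\x03" "www" "\xC0\x0C" "\xC0\x1F";
    m.insert(m.end(), body.begin(), body.end());
    return m;
}

int main() {
    const auto msg = sampleMessage();
    std::cout << decodeName(msg, 25).value_or("<rejected>") << "\n"
              << decodeName(msg, 31).value_or("<rejected>") << "\n";
}
```

Because the permitted pointer target only ever decreases, the decoder does a bounded amount of work on any input, including pointers that loop through one another.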


How to mitigate CVE-2015-1868

Install the update from the vendor's website.
