FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns -- Label decompression bug can cause crashes or CPU spikes

Affected packages
powerdns < 3.4.5
powerdns-recursor < 3.7.3

Details

VuXML ID 64e6006e-f009-11e4-98c6-000c292ee6b8
Discovery 2015-04-23
Entry 2015-05-01
Modified 2015-07-12

The PowerDNS project reports:

A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause service-affecting CPU spikes.

References

CVE Name CVE-2015-1868
CVE Name CVE-2015-5470
Message http://www.openwall.com/lists/oss-security/2015/07/10/8
URL https://doc.powerdns.com/md/security/powerdns-advisory-2015-01/