FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns-recursor -- Crafted query can cause a denial of service

Affected packages
powerdns-recursor < 4.1.8

Details

VuXML ID f6d6308a-f2ec-11e8-b005-6805ca2fa271
Discovery 2018-11-26
Entry 2018-12-09

powerdns Team reports:

CVE-2018-16855: An issue has been found in PowerDNS Recursor where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. When the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.

References

CVE Name CVE-2018-16855
URL https://doc.powerdns.com/recursor/changelog/4.1.html