FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns-recursor -- Crafted query can cause a denial of service

Affected packages
powerdns-recursor < 4.1.8


VuXML ID f6d6308a-f2ec-11e8-b005-6805ca2fa271
Discovery 2018-11-26
Entry 2018-12-09

powerdns Team reports:

CVE-2018-16855: An issue has been found in PowerDNS Recursor where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash. When the PowerDNS Recursor is run inside a supervisor like supervisord or systemd, a crash will lead to an automatic restart, limiting the impact to a somewhat degraded service.


CVE Name CVE-2018-16855