Severity: Medium
Date    : 2018-11-28
CVE-ID  : CVE-2018-16855
Package : powerdns-recursor
Type    : denial of service
Remote  : Yes
Link    : https://security.archlinux.org/AVG-821
The package powerdns-recursor before version 4.1.8-1 is vulnerable to denial of service.
Upgrade to 4.1.8-1.
The problem has been fixed upstream in version 4.1.8.
An issue has been found in PowerDNS Recursor versions from 4.1.0 up to and including 4.1.7, where a remote attacker sending a DNS query can trigger an out-of-bounds memory read while computing the hash of the query for a packet cache lookup, possibly leading to a crash.
A remote attacker can cause a denial of service via a crafted query.
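The bug class described above, shown as an added example (not PowerDNS code; this advisory does not show the affected code): a cache-key hash over a DNS query that checks every length against the buffer before reading. The function name, the FNV-1a hash and the key layout are assumptions made for illustration.

```c
#include <ctype.h>
#include <stddef.h>
#include <stdint.h>

#define DNS_HEADER_LEN 12u

/* FNV-1a step; a stand-in hash chosen for this example. */
static uint32_t fnv1a(uint32_t h, const uint8_t *p, size_t n, int lower)
{
    for (size_t i = 0; i < n; i++) {
        uint8_t c = lower ? (uint8_t)tolower(p[i]) : p[i];
        h = (h ^ c) * 16777619u;
    }
    return h;
}

/*
 * Hash a DNS query for use as a cache key: header without the 2-byte ID,
 * then the case-folded QNAME, then QTYPE and QCLASS.
 * Returns 0 and stores the hash in *out, or -1 if any read would pass
 * the end of the buffer (the caller then skips the cache for this packet).
 */
int query_cache_hash(const uint8_t *pkt, size_t len, uint32_t *out)
{
    if (pkt == NULL || out == NULL || len < DNS_HEADER_LEN)
        return -1;                       /* too short to hold a header */

    uint32_t h = fnv1a(2166136261u, pkt + 2, DNS_HEADER_LEN - 2, 0);
    size_t pos = DNS_HEADER_LEN;

    for (;;) {
        if (pos >= len)
            return -1;                   /* no room for the length byte */
        uint8_t label = pkt[pos++];
        if (label == 0)
            break;                       /* root label ends the QNAME */
        if (label > 63 || label > len - pos)
            return -1;                   /* pointer, or label runs past end */
        h = fnv1a(h, &label, 1, 0);
        h = fnv1a(h, pkt + pos, label, 1);
        pos += label;
    }
    if (len - pos < 4)
        return -1;                       /* QTYPE + QCLASS missing */
    *out = fnv1a(h, pkt + pos, 4, 0);
    return 0;
}
```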
https://docs.powerdns.com/recursor/security-advisories/powerdns-advisory-2018-09.html
https://seclists.org/oss-sec/2018/q4/183
https://github.com/PowerDNS/pdns/commit/e412a949491886c13854587bbd06fa90ceb3a326
https://security.archlinux.org/CVE-2018-16855