Resource Exhaustion Affecting pdns-recursor package, versions <4.1.7-r0


Severity

Recommended
0.0
high
0
10

Snyk's Security Team recommends NVD's CVSS assessment. Learn more

Threat Intelligence

EPSS
0.25% (65th percentile)

Do your applications use this vulnerable package?

In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.

Test your applications
  • Snyk IDSNYK-ALPINE313-PDNSRECURSOR-1069089
  • published2 Dec 2018
  • disclosed29 Nov 2018

Introduced: 29 Nov 2018

CVE-2018-14626  (opens in a new tab)
CWE-400  (opens in a new tab)

How to fix?

Upgrade Alpine:3.13 pdns-recursor to version 4.1.7-r0 or higher.

NVD Description

Note: Versions mentioned in the description apply only to the upstream pdns-recursor package and not the pdns-recursor package as distributed by Alpine. See How to fix? for Alpine:3.13 relevant fixed versions and status.

PowerDNS Authoritative Server 4.1.0 up to 4.1.4 inclusive and PowerDNS Recursor 4.0.0 up to 4.1.4 inclusive are vulnerable to a packet cache pollution via crafted query that can lead to denial of service.