FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

powerdns -- Label decompression bug can cause crashes or CPU spikes

Affected packages
powerdns < 3.4.5
powerdns-recursor < 3.7.3


VuXML ID 64e6006e-f009-11e4-98c6-000c292ee6b8
Discovery 2015-04-23
Entry 2015-05-01
Modified 2015-07-12

The PowerDNS project reports:

A bug was discovered in our label decompression code, making it possible for names to refer to themselves, thus causing a loop during decompression. On some platforms, this bug can be abused to cause crashes. On all platforms, this bug can be abused to cause service-affecting CPU spikes.


CVE Name CVE-2015-1868
CVE Name CVE-2015-5470