vulnerability
Arch Linux: Denial of service (CVE-2018-10851)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 5 | (AV:N/AC:L/Au:N/C:N/I:N/A:P) | Nov 29, 2018 | Jul 11, 2025 | Nov 27, 2025 |
Severity
5
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:P)
Published
Nov 29, 2018
Added
Jul 11, 2025
Modified
Nov 27, 2025
Description
An issue has been found in PowerDNS Authoritative Server before 4.1.5 and PowerDNS Recursor before 4.1.5. The issue is due to the fact that some memory is allocated before the parsing and is not always properly released if the record is malformed.
In the authoritative server case, it allows an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. In the case of the recursor, it allows a malicious authoritative server to cause a memory leak by sending specially crafted records.
In the authoritative server case, it allows an authorized user to cause a memory leak by inserting a specially crafted record in a zone under their control, then sending a DNS query for that record. In the case of the recursor, it allows a malicious authoritative server to cause a memory leak by sending specially crafted records.
Solution
arch-linux-upgrade-latest
References
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.