CVE-2015-5695

Exploit

EPSS 2.43%
Veröffentlicht 31.08.2017 22:29:00
Zuletzt bearbeitet 20.04.2025 01:37:25
Quelle cve@mitre.org
Teams Watchlist Login
Unerledigt Login

Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 1 Referenzen 9

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Openstack ≫ Designate Version1.0.0.0b1

Openstack ≫ Designate Version1.0.0a0

Openstack ≫ Designate Version2015.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	2.43%	0.837

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://lists.openstack.org/pipermail/openstack/2015-July/013548.html

Patch

Vendor Advisory

http://www.openwall.com/lists/oss-security/2015/07/28/11

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2015/07/29/6

Third Party Advisory

Mailing List

https://bugs.launchpad.net/designate/+bug/1471161

Third Party Advisory

Exploit