CVE-2015-5695

Exploit

EPSS 2.43%
Published 31.08.2017 22:29:00
Last modified 20.04.2025 01:37:25
Source cve@mitre.org
Teams watchlist Login
Open Login

Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.

Affected products Warnungen 0 Metrics 3 CWE 1 References 9

Data is provided by the National Vulnerability Database (NVD)

Openstack ≫ Designate Version1.0.0.0b1

Openstack ≫ Designate Version1.0.0a0

Openstack ≫ Designate Version2015.1.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Type	Source	Score	Percentile
EPSS	FIRST.org	2.43%	0.837

CVSS Metriken
Source	Base Score	Exploit Score	Impact Score	Vector string
nvd@nist.gov	6.5	2.8	3.6	CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
nvd@nist.gov	4	8	2.9	AV:N/AC:L/Au:S/C:N/I:N/A:P

CWE-400 Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

http://lists.openstack.org/pipermail/openstack/2015-July/013548.html

Patch

Vendor Advisory

http://www.openwall.com/lists/oss-security/2015/07/28/11

Third Party Advisory

Mailing List

http://www.openwall.com/lists/oss-security/2015/07/29/6

Third Party Advisory

Mailing List

https://bugs.launchpad.net/designate/+bug/1471161

Third Party Advisory

Exploit