VDB
CVE-2015-5695
CVE-2015-5695
REJECTED
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
EPSS 2.43% · 85.5th percentile
Risk Scores
EPSS Score
2.43%
85.5th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | designate | 0, 1:1.0.0-0ubuntu1, 1:2.0.0~b2-0ubuntu1 |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=1245241 (circl)
- [oss-security] 20150729 Re: Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets (circl)
- https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch (circl)
- [Openstack] 20150728 [Security][LP# 1471161] Designate mDNS DoS through incorrect handling of large RecordSets (circl)
- [oss-security] 20150728 Re: CVE Request - OpenStack Designate mDNS DoS through incorrect handling of large RecordSets (circl)
- https://bugs.launchpad.net/designate/+bug/1471161 (vulncheck-nvd)
Timeline
- Aug 31, 2017 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Oct 26, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2015-5695 third-party-advisory
- https://marc.info/?l=oss-security&m=143811778831673&w=2 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2015-5695 third-party-advisory