CVE-2015-5695
Severity CVSS v4.0:
Pending analysis
Type:
CWE-400
Uncontrolled Resource Consumption ('Resource Exhaustion')
Publication date:
31/08/2017
Last modified:
20/04/2025
Description
Designate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to cause a denial of service (infinite loop) via a crafted resource record set.
Impact
Base Score 3.x
6.50
Severity 3.x
MEDIUM
Base Score 2.0
4.00
Severity 2.0
MEDIUM
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:openstack:designate:1.0.0.0b1:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openstack:designate:1.0.0a0:*:*:*:*:*:*:* | ||
| cpe:2.3:a:openstack:designate:2015.1.0:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://lists.openstack.org/pipermail/openstack/2015-July/013548.html
- http://www.openwall.com/lists/oss-security/2015/07/28/11
- http://www.openwall.com/lists/oss-security/2015/07/29/6
- https://bugs.launchpad.net/designate/+bug/1471161
- https://bugzilla.redhat.com/show_bug.cgi?id=1245241
- https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch
- http://lists.openstack.org/pipermail/openstack/2015-July/013548.html
- http://www.openwall.com/lists/oss-security/2015/07/28/11
- http://www.openwall.com/lists/oss-security/2015/07/29/6
- https://bugs.launchpad.net/designate/+bug/1471161
- https://bugzilla.redhat.com/show_bug.cgi?id=1245241
- https://launchpadlibrarian.net/211525251/bug-1471161-quotas-master.patch